Should Companies Pay Ransomware Demands or Stand Firm?

I recently came across a case where a mid-sized company paid a huge ransom to recover their data because they felt they had no choice. On one hand, it restored their operations quickly, but on the other, it felt like fueling the cybercrime economy.

If ransomware gangs keep evolving with AI, the pressure on businesses will only increase. Personally, I think prevention and backups are the smarter investment, but in the heat of the moment, many don’t have that luxury.

What’s your take? Should businesses ever pay ransomware demands, or should there be a strict no-negotiation policy?