Dutch researchers analyzed police and incident response data to understand what factors contribute to a ransomware victim’s likelihood of paying. They found that companies working with third-party incident response firms were the most willing to pay their extortionists, and that insurance coverage or data exfiltrated in the attack correlated with higher ransom payments but not necessarily with paying a ransom in the first place. Among the 430 victims studied, 28% reported paying a ransom, with the average payment being approximately €431,000 (about $469,781). The study also found that companies with insurance paid significantly higher ransoms than those without. Additionally, companies with backed-up data were less likely to pay a ransom, but when they did, they paid more than those without backups. The study concluded that companies who hired incident response firms were more likely to pay a ransom compared to those who only reported incidents to the police. It also found that information technology companies were the most lucrative target for ransomware actors, likely due to the critical services they provide. Additionally, the researchers corrected a previous statement, clarifying that data exfiltration increases the amount of payment but does not correlate with a higher likelihood of payment. This study provides valuable insights into ransomware incidents and the factors that influence victim behavior.