A client who can pay and wants zero bad press. Same thing someone performing blackmail wants. The more devastating the news of the hack getting out and the more money or insurance the person has, the better.
@CISOScott But by paying the ransom, one is acknowledging that a) you have lots of money to give away b) you don't have the incident response preparedness to deal with it, so you take the easy way instead.
This is until the Cybersecurity insurance company, applies conditions or add additional monetary barriers to achieve or even enforces mandatory audits until the company gets the point or c) the Cybersecurity insurance company denies them coverage as a bad organisation i.e. too risky to cover etc.