At this year's Digital DNA conference in Belfast, Cyphra Director, Conrad Simpson, joined a great panel consisting of Dougie Grant (Nihon Cyber Defence), Laura Gillespie (Pinsent Masons), David Crozier (CSIT) and Emma Jones (SecureWorks) to cover the topic of "To Pay or not to Pay - Ransomware the Board Dilemma". The session discussed the thorny question of whether an organisation should pay a ransom when hit by the devastating consequences of a ransomware attack. The panel discussed and examined a number of areas including the present threat posed; whether the current advice & guidance is effective for data recovery and the threat of data exfiltration and exposure. It also examined the impact to data, reputational damage to business, legal obligations and Government Policy and the impact of sanctions on the payment of extortion demands. With increased attacks on organisations vulnerable to disruption or holding high value data such as the Health Sector, Legal Sector, Critical National Infrastructure, Education, Manufacturing and Academia, Conrad discussed how he envisaged the threat developing and how organisations should prepare, respond and mitigate the risk.