Employees at a fast-growing, national company came to work one day to find a daunting message on their computer screens. The company's network had been hijacked and was being held for ransom. CyberScout Consulting discovered that of the company's three servers, hackers had locked down one and infiltrated another. The affected server contained most of the company's sensitive information, including human resources files, financial information, client data and more. The company's IT managed service provider had failed to provide regular reports or update antivirus protection. The company had trusted the IT service provider to operate securely and to alert the company when risks arose from unapplied patches or updates. Plus, the IT service provider had placed all the company's assets on a single network, so the hackers had access to all of the company's digital assets with a single hack. This put the company in a precarious position with its Fortune 50 clients. Management faced a tough decision: Should they pay the ransom?