In today’s threat landscape, organizations need to proactively determine what they are going to do - Pay, Not Pay, or Defend. An important place to start is calculating the financial risks of ransomware. The math is straightforward. The calculations presented in this whitepaper can be used as a starting point. They can be used to facilitate conversations between Security Teams, Business Owners, IT Teams and Senior Management. They can be used to drive more effective security strategies and investment decisions.