Data security will get better as the risk calculus changes. A lot of companies are mentally doing math:
(Probability of cyber attack per year) * (cost of ransom + costs of downtime) = X,
(Overhead of additional cybersecurity personnel) = Y
If X < Y, it's basically just a no-brainer to just eat the costs and pay the X million if it happens. If Y > X, they hire security personnel and it "gets better".
If the government makes paying the ransom less attractive (via basically labeling it as a financial transaction with a sanctioned entity, making it illegal) OR the probability of the cyber attack goes up (as this becomes more lucrative), risk calculus changes, security is improved, and it "gets better".