A cybersecurity expert says he is not in favour of an outright ban on paying ransom in the event of a cyberattack and negotiation should still be an option.
It comes after Australian financial services firm Latitude said the cyberattackers who stole millions of consumers' personal details had demanded a ransom, which it would not pay.
That is despite the risk of more than 14 million New Zealand and Australian drivers' licenses, passports and other personal details being released.
The Australian government announced in November it was considering banning ransomware payments as cyberattacks become more frequent and severe.
Cybersecurity firm Palo Alto Network Asia Pacific region chief security officer Sean Duca said the move would send a strong message to potential cyberattackers, but it could have unintended consequences.
"You're actually making it very, very hard for someone to make a decision as to what do they do," Duca said.
"They have one less option at their disposal and if I start to think about it, don't we want the victim to win?" he said.
"That's the key part here, by simply saying completely ban any type of ransom payment, you're effectively saying you don't want the victim to win, and I think that's a very hard call to make, because you're not in the pressure cooker situation."
Mandatory reporting of cyberattacks should first be enforced and more research into the issue was needed, Duca said.