It just seems to me that some lawyer would try it. More as a “your companies actions caused us to lose [some large amount of money]” than contract related. Also an email provider is an easier target than the ransomware attacker. I hope it wouldn’t hold up in court.
Edit: Oh and I agree that we shouldn’t pay. I just figure some folks with no backup would opt to pay rather than risk losing their livelihood because of critical data to their business is lost.
