The long answer is more complicated. Your vulnerability to a ransomware attack can depend upon how attractive your data is to criminal hackers, how critical it is that you respond quickly to a ransom demand, how vulnerable your security is, and how vigorously you keep employees trained about phishing emails, among other factors.