A CISO’s responsibility is to be transparent with General Counsel and the C-suite regarding facts relevant to data breaches, including whether any ransom has been paid.