Tragedy of the commons. It's irrelevant to the extorted company whether or not it becomes more common in the future, they have a much bigger problem now.
The reason they didn't pay is because they conducted a cost benefit analysis and decided it's not worth it to them.
> It's irrelevant to the extorted company whether or not it becomes more common in the future, they have a much bigger problem now.
No, it's not irrelevant because that future might be tomorrow. The criminals remain in possession of the data whether they get paid or not, that is, the extortion can be restarted the next day (or hour) after payment.
There's no way to trust an anonymous group you know nothing about, be it to keep their word or to keep your data safe from individual members or splintering groups.
That would be part of the cost benefit analysis. And you would be surprised how "trustworthy" these ransomware groups are. Probably because publishing the data is a hassle they would rather do without, and finding actual buyers for such data is hard (corporations don't tend to have black budgets).
No, whenever they decide not to pay it's because they made the decision to absorb the damage rather than pay criminals who may or not be sanctioned (and that fact may later emerge) creating additional liability. So you know that when they pay the damage would have been very great indeed. In this instance the damage is likely minor or more likely, off-sourced.
Nobody is not going to pay because that will be better for the collective to let the ransomware industry die. They may however choose to publicly state that as the reason.
The reason they didn't pay is because they conducted a cost benefit analysis and decided it's not worth it to them.