So, these chaps have compromised your network, which is illegal, pinched your data, which is illegal, and are now offering to publish it if you don't pay them shedloads of cash, which is illegal. Not the most trustworthy folks, so why would you trust them to not publish your data anyway, once they have been paid? Or to not keep coming back for more?
Even if they're honest in their business dealings, and don't deliberately publish, there is always the chance that they will lose the data, or it will be stolen from them (can't trust anyone these days!) and subsequently be published anyway.
Seems to me that, once these folks have your data you might as well assume that it will eventually be published anyway, and spend the cash on improving security instead.