The people surveyed were more confident. The business that sells security software wants to make sure that people know that it's still a good idea to buy their software. Maybe you could attribute part of this to people being confident in the software they bought from these guys, or at least these guys would like you to think that. Still, the company's statements and those of the people unaffiliated with them don't have to agree.
I don't think it's that surprising. Now that ransomware has existed for longer, more people have had an opportunity to think through what they would need to deal with it, to scare their directors into letting them do it, and to build some of the things they had in mind. Those don't prevent it altogether, but it does mean that they feel more confident about their ability to respond than they did when they had none of that.