Sadly theres not many choices.
a) Stop storing so many secrets on servers that are open to the whole company. This means that any attack can get to less information.
b) Stop storing so much data - do you REALLY need to store the inside leg measurement of someone who just wants to contact your customer service or apply for a job? If I wanted a bloody account on your server to apply for a job then you should not employ me as I am evidently stupid. What you should do is open up a route for me to submit a CV for a job direct to the person responsible.
c) Switch off known and obvious vulnerabilities - you dont need macros enabled to view a word document.
d) Compartmentalize - its what the terrorist guys do, its what the resistance in France did, in fact it goes back long before that - if people in the office in Vancouver dont have access to information that is only relevant to the guys in London then they cant lose it and cant have it locked.
e) Sort out backups. Yes I understand that some of these attacks manage to set themselves up so your standard copying the files to another disk doesnt help because they too are somehow actually encrypted - so find a route to backing it up into a different file format that you write fresh - e.g. print it to a text file or some such - and then you can just read the text file back into the database - yes it IS slow but hell, it isnt as bad as paying billions.
In order for any of the above to work you need managers that understand IT, you need to pay engineers enough money they actually give a shit about the company. Basing wages in London on what you might be get away with paying an Outer Mongolian goatherd isnt going to get you the people with the skills you need or the enthusiasm to cover your arse.