The price of the service is built in to the cost of the device, so you're paying one way or another. At least Garmin devices actually work without the online service.
I think this is the wrong way to look at it, though. If the cost to Garmin of losing whatever data was encrypted would have been more than $10 million, that's an argument for why Garmin should have had a proper backup strategy in the first place, not for paying a ransom which ultimately hurts the entire industry.
That's also an argument for putting hefty fines in place for anyone who does pay such a ransom. The cost of a ransom like this is more than just the $10 million, and it's not only Garmin that's paying it. Garmin should not be able to make that choice for the industry unless they're willing to pay what it ultimately costs for everyone affected, and that's very difficult to quantify.
It's the same problem you have with any negative externality.