The global insurance company AXA announced in May it will stop writing cyber insurance coverage in France that reimburses customers for making payments to ransomware criminals. Cyber insurance policies have long covered these ransom costs, and it is widely anticipated that other insurance companies will follow suit.
While this news is important to companies as they value policies and understand their overall risks, it is also important news to the world of cyber bad actors. While the insurer’s intent may be to reduce the incentives to conduct a ransomware attack by reducing the odds of the ransom being paid, the outcome likely will be more challenging.
“With insurance companies not providing coverage for the ransoms, the attacks would be expected to increase, and, needing more targets, ransomware gangs are likely to become more indiscriminate…. This has the potential to put smaller firms at more heightened risk than before.”
When bad actors see that companies will not have the security of insurance coverage, they will likely make the economic determination of how much a firm would be willing to pay without the protection of insurance. Because this could lead…
