Does it ever make sense for firms to pay ransomware criminals?

By Chris Beck and Blake Fleisher
21 July 2021
Print / PDF

AXA announced in May it will stop writing cyber insurance coverage in France that reimburses customers for making payments to ransomware criminals. Cyber insurance policies have long covered these ransom costs, and it is widely anticipated that other insurance companies will follow suit. In this new environment, the strategic calculus for attackers and victims will change. In this article, published in Insurance Journal, we ponder the question of whether companies make the payments at all, and take a look at the ransomware landscape. We also note how cyber risk needs to be analyzed in a way that allows companies to examine the appropriate controls and mitigation techniques, and how causal-based models are a proven way to account for the decisions of both the company and the attacker.

This article was published by Insurance Journal.

Read the article

Explore more tags from this article

thought leadership insurance risk management and ... japan insurance

About the Author(s)

Chris Beck

Chicago Tel: 1 312 2793093

View bio

Blake Fleisher

Chicago Tel: 1 312 8739642

View bio
INSIGHT

Related Milliman Insight

Article

Market insight from year-end 2020 SFCRs: Sample of life insurers based in Luxembourg

Gross written premiums in our sample of Luxembourg-based life insurers decreased 20% in 2020.

Read more

We’re here to help

Ask the tough questions. We’re ready for them.

Contact an expert