Does it ever make sense for firms to pay ransomware criminals?

By Chris Beck and Blake Fleisher
21 July 2021
Download PDF 0.4MB

AXA announced in May it will stop writing cyber insurance coverage in France that reimburses customers for making payments to ransomware criminals. Cyber insurance policies have long covered these ransom costs, and it is widely anticipated that other insurance companies will follow suit. In this new environment, the strategic calculus for attackers and victims will change. In this article, published in Insurance Journal, we ponder the question of whether companies make the payments at all, and take a look at the ransomware landscape. We also note how cyber risk needs to be analyzed in a way that allows companies to examine the appropriate controls and mitigation techniques, and how causal-based models are a proven way to account for the decisions of both the company and the attacker.

This article was published by Insurance Journal.

Read the article

Explore more tags from this article

thought leadership insurance risk management and ... japan insurance

About the Author(s)

Chris Beck

Chicago Tel: 1 312 2793093

View bio

Blake Fleisher

Chicago Tel: 1 312 8739642

View bio
INSIGHT

Related Milliman Insight

Insight

Pulse Survey: Mental health benefits

Survey: Since the pandemic began, 66% of employers report increased use of mental health resources offered through their benefits plan, and 62% indicate a significant spike in claim costs

Read more

We’re here to help

Ask the tough questions. We’re ready for them.

Contact an expert