Security News > 2021 > May > Insurer AXA Halts Ransomware Crime Reimbursement in France
In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
Only the U.S. surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France's related overall losses at more than $5.5 billion.
Cybersecurity expert Josephine Wolff of Tufts University said it has come to be built into organizations' risk-management practices "As one of the costs of doing business. And I think that's really worrisome because that is what fuels the continued ransomware business - people keep paying ransom."
An 81-page urgent action plan delivered to the White House last week by a public-private task force noted that enriching ransomware criminals only fuels more global crime, including terrorism.
Michael Phillips, chief claims officer at the U.S. cyber-insurance firm Resilience and a co-chair of the task force, said "AXA France's decision highlights the continued tumult in the market" as insurance firms grapple with successfully underwriting ransomware policies while confronted with rising payout costs that threaten profitability.
Many victims, such as cash-strapped state and local governments, haven't adequately invested in security and are easy prey for ransomware criminals.