Top insurance firm will stop reimbursing ransom payments for French ransomware victims

Lock on Laptop Screen
(Image credit: Future)

The Paris-based insurance giant AXA has revealed that it will discontinue cyber insurance policies that reimburse ransom payments made by ransomware victims in France following new changes made by the French government.

First reported by the Associated Press, the move is an industry first that could change the way in which other insurers create their cyber insurance policies going forward.

AXA is one of the five largest insurers in Europe and the firm made the decision to discontinue reimbursing ransom payments as ransomware attacks have increased in frequency worldwide. However, the changes were only made in France after the French government and French senators met in Paris last month to voice their concerns about the massive payouts going to cybercriminals as a result of AXA and other insurers' cyber insurance policies.

Before these policies began including ransomware attacks, organizations had to decide whether or not to pay in order to regain access to their files. While sometimes paying a ransom could be worth it for a company, this also encouraged organizations to use a cloud backup solution to store an extra copy of their files safely in the cloud. 

Now though, organizations are more likely to pay as they know they will be reimbursed by their insurer. This in turn has led to an increase in ransomware attacks as cybercriminals have realized that businesses are more likely to meet their demands.

Ransom reimbursements

According to an estimate from cybersecurity firm Emsisoft, France suffered up to $5.5bn in losses as a result of ransomware in 2020 alone. This is because only the US experienced more ransomware attacks than France last year as stated by French cybercrime prosecutor Johanna Brousse who spoke at the round table in Paris last month.

Brousse also told other attendees at the meeting that “The word to get out today is that, regarding ransomware, we don't pay and we won't pay”. 

While the FBI recommends that ransomware victims shouldn't pay anything to the cybercriminals behind these attacks, ransom payments have increased as more organizations have been hit by attacks.

Spokesperson for the US AXA subsidiary Christine Weirsky told the Associated Press that the insurer's suspension of ransom reimbursements only applies to France and does not affect any existing policies. The new changes also do not affect coverage when it comes to responding and recovering from ransomware attacks.

Now that France has suspended cyber insurance policies that reimburse victims for ransomware payments, we could soon see other countries follow suit.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.