Top insurance firm will stop reimbursing ransom payments for French ransomware victims

Lock on Laptop Screen
(Image credit: Future)
Audio player loading…

The Paris-based insurance giant AXA has revealed that it will discontinue cyber insurance policies that reimburse ransom payments made by ransomware (opens in new tab) victims in France following new changes made by the French government.

First reported by the Associated Press (opens in new tab), the move is an industry first that could change the way in which other insurers create their cyber insurance policies (opens in new tab) going forward.

AXA is one of the five largest insurers in Europe and the firm made the decision to discontinue reimbursing ransom payments as ransomware attacks have increased in frequency worldwide. However, the changes were only made in France after the French government and French senators met in Paris last month to voice their concerns about the massive payouts (opens in new tab) going to cybercriminals as a result of AXA and other insurers' cyber insurance policies.

Before these policies began including ransomware attacks, organizations had to decide whether or not to pay in order to regain access to their files. While sometimes paying a ransom could be worth it for a company, this also encouraged organizations to use a cloud backup (opens in new tab) solution to store an extra copy of their files safely in the cloud. 

Now though, organizations are more likely to pay as they know they will be reimbursed by their insurer. This in turn has led to an increase in ransomware attacks (opens in new tab) as cybercriminals have realized that businesses are more likely to meet their demands.

Ransom reimbursements

According to an estimate from cybersecurity firm Emsisoft (opens in new tab), France suffered up to $5.5bn in losses as a result of ransomware in 2020 alone. This is because only the US experienced more ransomware attacks than France last year as stated by French cybercrime prosecutor Johanna Brousse who spoke at the round table in Paris last month.

Brousse also told other attendees at the meeting that “The word to get out today is that, regarding ransomware, we don't pay and we won't pay”. 

While the FBI recommends that ransomware victims shouldn't pay anything to the cybercriminals behind these attacks, ransom payments have increased as more organizations have been hit by attacks.

Spokesperson for the US AXA subsidiary Christine Weirsky told the Associated Press that the insurer's suspension of ransom reimbursements only applies to France and does not affect any existing policies. The new changes also do not affect coverage when it comes to responding and recovering (opens in new tab) from ransomware attacks.

Now that France has suspended cyber insurance policies that reimburse victims for ransomware payments, we could soon see other countries follow suit.

Via ZDNet (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.