Insurer AXA halts ransomware crime reimbursement in France
In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
AXA, among Europe’s top five insurers, said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month about the devastating global epidemic of ransomware.
“The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing. Only the U.S. surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France’s related overall losses at more than $5.5 billion.
The suspension only applies to France and does not affect existing policies, said Christine Weirsky, a spokeswoman for the U.S. AXA subsidiary, a leading underwriter of cyber-insurance in the United States. She said it also does not affect coverage for responding and recovering from ransomware attacks, in which criminals based in safe havens including Russia break into networks, seed malware and cripple them by scrambling data.