AXA France has ceased providing ransomware reimbursement cover when underwriting new cyber policies. AXA France, AXA’s general insurance business in France, is said to have made the move following French government concerns about the payment of ransoms.
According to a report from AP, AXA said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month, about the devastating global epidemic of ransomware. “The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing.
AXA said in a statement: “As is standard market practice, we do provide ransomware cover as part of a broader cyber policy. The current cyber insurance market is very challenging, prompting many markets to look carefully at coverage and capacity. We also continue to monitor the evolving regulatory environment regarding ransom payments. We’re committed to working with our brokers and clients, in addition to regulators, law enforcement, cybersecurity professionals and others, to find appropriate protections and risk mitigation/reduction strategies to meet this evolving landscape.”
A spokesperson told AP that the suspension only applies to France and does not affect existing policies. She said it also does not affect coverage for responding and recovering from ransomware attacks, in which criminals based in safe havens including Russia break into networks, seed malware and cripple them by scrambling data.