“Over a 12-month research project, researchers from RUSI (Royal United Services Institute for Defence and Security Studies), the University of Kent, De Montfort University and Oxford Brookes University conducted a series of expert interviews and workshops… This paper argues that there is, in fact, no compelling evidence that victims with cyber insurance are much more likely to pay ransoms than those without.”
RUSI does note: “While there is evidence that cyber insurance policies exfiltrated during attacks are used as leverage in negotiations and to set higher ransom demands, the conclusion that ransomware operators are deliberately targeting organisations with insurance has been overstated.”
The report includes some interesting recommendations for insurers and the UK government.
A study examining the role of cyber insurance in addressing the threats posed by ransomware.
Source: Cyber Insurance and the Ransomware Challenge