[toomuchtodo]

Insurance companies are likely to disallow ransom payments in their entirety. Too much risk considering the security posture of most organizations.

Boards will, generally, still not fund and support effective security culture without steep penalties for breaches (i am in infosec and speak to c suite folks as part of my gig; breach impact, in their current form, are "cost of business"). “Show me the incentive, and I will show you the outcome.” – Charlie Munger

https://www.insurancejournal.com/news/international/2021/05/... (Insurer AXA to Stop Paying for Ransomware Crime Payments in France)