by solatic 1830 days ago
> Point might be how to "certify" whether the ransomware attack is "real" or if it could be simulated to only get away with hiding/diverting the money (and pay no taxes on those).

Well, exactly this. Clarifying that ransom payments are tax-deductible creates a moral hazard whereby companies set up off-shore entities to conduct ransomware attacks. The parent company gets attacked, establishes a paper trail of "damages" (whether these damages are material is irrelevant, particularly as the stock market has shown that it won't punish companies for being the victim of cyberattacks), quickly pays the ransom, which moves the money off-shore into crypto accounts which can then be tumblered and funneled into shell companies. The off-shore cash can then be used off-the-books for a variety of purposes that indirectly benefit the parent company.

Good luck to the forensic auditors who try to follow the trail to show that the money never really left the parent company's control.


Why would you want to make clean money dirty as a company? Sure, to steal it for personal gain. But to benefit the company? For paying bribes maybe?

The choice is between paying $X (say, $10 million) to the government in taxes, where it is never seen again and only indirectly benefits the company (the roads and railroads argument), or "paying" that same money into dirty accounts that, yes, are limited in what they can achieve (i.e. you can't pay dividends from it or engage in capital construction in the name of the company) but can still achieve direct benefits for the company (e.g. paying for negative coverage of competitors' products, lining the pockets of influential people).