Hacker News new | ask | show | jobs
by jaclaz 1830 days ago
>The Key difference is that when I pay consultants they in turn pay the taxes (or in turn they have some expenses to towards somebody else who eventually pays the taxes), so overall they are not lost.

Not really-really.

The consultants pay taxes on the money they get from you only because (if) they respect the Law, it is none of your business (it is the IRS's one) if the consultants later comply.

If you prefer, whether the consultants pay taxes or not doesn't change anything in your company's accounts, you have an expense and proper documentation for it, what happens after and outside the transaction is irrelevant.

The issue (from your or your company's point of view) is how to properly document the expense (and it is IMHO a tough one to document a ransom).
1 comments
ithkuil 1830 days ago
You may not care whether the consultant pays the taxes. The lawmakers that define the tax laws (implemented by agencies like the IRS in the specific case of the USA) do take into consideration where the money goes.

If the IRS currently doesn't care or doesn't check, that's a specific implementation issue of your country. Laws can be changed

link
jaclaz 1830 days ago
Let's try imagining another scenario.

You have ransomware insurance.

You fall victim to a ransomware attack.

You pay US $ 100,000 as ransom.

The insurance company reimburses you the US $ 100,000.

It is clear that financially that is 0.

But from a tax view point, if you cannot count the US $ 100,000 of the ransom as expenses you will be paying some form of taxation on the US $ 100,000 you received from the insurance.

link
ithkuil 1830 days ago
This can be solved easily: let the insurance company pay the ransom, and factor in the full cost (since it wouldn't be tax-deductable) when computing the premium.

EDIT: otherwise, the collectivity effectively pays for what you deducted from your taxes. The missing money on the overall country balance has to come from somewhere.

EDIT2: If you're talking about private insurances covering your risk of ransoms, this means you assume it's your responsibility to pay for your losses (insurances just allow you to pay proportionally to the risk), and not e.g. have the government, say, paying it for you (through public funds, which can and IIRC has happened for kidnapping cases here some countries pay the cost of rescue). All I'm saying is that if it's private insurance, it should be private 100%

link