On one side, this decision will likely hinder flourishing ransomware business and indirectly incentivize would-be victims to implement better cybersecurity and enhance their cyber resilience. On the other side, the categorical ban will unfairly discriminate against enterprises who adequately care about their cyber defense but nonetheless fall victims to sophisticated attacks or because of their careless suppliers.

"Moreover, the total amount of ransom payments - paid in France and covered by cyber insurances - is a drop in the ocean of global ransomware business and will highly unlikely cause any material effect on cybercriminals. This move may also indicate that the cyber insurance business, at its very nascence, is not fully aware of the underlying risks of growing complexity and scale, and eventually refuse to cover them under the pretext of a legislative trend. The only reliable way to combat ransomware is to motivate organizations to implement and maintain cybersecurity best practices, otherwise we are treating the outcome rather than the root cause.