Can insurance companies cover Bitcoin ransom payment?

Everyone – including the White House – likes talking about preventing ransomware. We’ve all seen the latest cyber executive order. Segmenting your network prevents lateral movement. Here’s the latest ransomware incident.

Graff Diamonds Corp has sued its insurer, The Travelers Companies, Inc., for failing to cover $7.5 million in ransomware losses.

- British jeweler Graff is suing its insurer, The Travelers Companies, for refusing to cover a Bitcoin ransom payment.
- Graff said the hackers threatened to leak sensitive client information.
- The jeweler is seeking to recoup the costs of the ransom payment and legal fees.

Graff, a luxury jeweler, is suing its insurance company for declining to pay a Bitcoin ransom. The jeweler reportedly paid a Bitcoin ransom of $7.5 million to the Russian hacking gang Conti after the group threatened to leak data of the company’s big clients, including Middle East royalty. Graff negotiated the ransom payment with the hackers and then paid it in full.

Graff sues insurer after paying the ransom in full

The Travelers Companies refused to reimburse the jeweler for the payment, stating that its policy does not cover Bitcoin ransom payments. Graff is now suing the insurer, arguing that the insurance company should have known about the risks associated with Bitcoin and advised them accordingly. While authorities have discouraged individuals and businesses from making ransom payments, there are circumstances where paying them is beneficial. In this case, it prevented the hackers from publishing private client information, which could have been very damaging to Graff’s business.

Paying cyber extortion demands in cryptocurrency

While most insurance policies do not currently cover Bitcoin ransom payments, some insurers offer cyber insurance policies that cover crypto ransom payments. Experts have warned that insurers may be hesitant to do so because of the volatile nature of Bitcoin. The value of Bitcoin can fluctuate wildly, making it difficult for insurers to calculate the risk. The Graff case highlights the importance of having comprehensive insurance coverage. While most policies may not currently cover Bitcoin ransom payments, that could change in the future.

It’s important to understand what your policy does and does not cover so you can make informed decisions about your coverage. There may be a change in the future as cryptocurrency becomes more mainstream. As a result, insurance companies must adapt to the changing times and update their policies to cover Bitcoin ransom payments. In the meantime, businesses should be aware of the risks associated with Bitcoin and take steps to protect themselves accordingly. A Bitcoin ransom payment should be made only as a last resort after all other options have been exhausted.

When deciding whether or not to pay a Bitcoin ransom, businesses should consider the potential risks and rewards of doing so. They should also consult with their insurance providers to ensure that they are fully covered in case of a ransomware attack. Bitcoin ransom payments have become an increasingly common way for hackers to extort businesses. Unfortunately, in many cases, insurance companies will not cover these types of payments. This is because they are considered high-risk and often lead to further losses for the business.

Can insurance companies cover Bitcoin ransom payment?

Still, insurance companies must be prepared to cover these types of payments in the future as crypto becomes mainstream. According to Graff, the criminals threatened to publish the customers’ private purchases. Thus, they had to act to neutralize the risks. It is not yet clear how the case between Graff and the insurer will play out, but it could have major implications for Bitcoin and ransomware payments in the future.


Prevention generally comes before protection and is meant to avert the threat before it occurs. An example of prevention for business security includes a set of rules or reminders about best safety practices for cyber security. Protection is the next step and usually takes over if prevention fails.

1. Prepare.
2. Prevent.
3. Detect.
4. Remediate.
5. Recover.

Prevention Before Protection

– Use strong passwords. Strong passwords are vital to good online security.
– Control access to data and systems.
– Put up a firewall.
– Use security software.
– Update programs and systems regularly.
– Monitor for intrusion.
– Raise awareness.


Essential steps you should take for Cyber Security

Cybersecurity Compliance

Once your data is configured, your company can coordinate its resources to protect that data whether it's in storage or transit to or from your network. If your organization is new to cybersecurity compliance, you can easily get up to speed and organize your response by using any of these cybersecurity policy templates to manage the flow of information through your company’s chain of command.

Some Methods of Cyber Security Defense 

Data protection – Data protection methods include data-at-rest encryption, hashing, secure data transmission and encrypted backups.

Perimeter defenses – Network perimeter defenses include firewalls, intrusion detection systems and intrusion prevention systems.


The US defense industry suffered huge data loss in 2008 and devised a series of 20 CIS controls known as the critical security controls (CSC). The CIS top 20 gives a detailed account of what an organization should do to defend itself against cyber threats.
