I wonder if it would make sense that the insurance policy offers a bounty on the hackers after the ransom has been paid. It makes your clients less attractive to attack and might in the long term lower your underwriting costs.