Call it a learning experience. After the attack, they'll make a loooong list of everything they should have done. Then they can cover ransomware again, for companys that show in an audit they implemented axa's list.

the biggest irony of all: AXA was a major financial backer of Blockstream, a bitcoin development company which employed (still employs?) several of the bitcoin core developers.

Does this have any implications for any of us?

If your "us" is a programmer in the valley, less so, short of you doing a medical procedure abroad.