The group demanding the ransom can freely set their price. Surely if they know an insurance company is on the hook for it then they’ll add a few zeroes accordingly, making it impossible to underwrite.
Most ransomware groups just want the money; they don't particularly want to inflict damage on their target. If their demand falls within policy limits, then they will very likely get paid. If their demand exceeds policy limits, then the target needs to make a much more active decision about whether or not to pay. Combined with the fact that exceeding the insurance limit likely puts you into a realm where you are asking for a sum large enough to be a significant challenge (otherwise they wouldn't have bothered with insurance), you are now reducing the likelihood of getting a payout.
I would expect the net result of this would be that groups raise their demands to match what (they think) the policy limit is.
From what I understand, ransomware insurance is already a thing. With the policy you get someone who negotiates the price and pays the ransom directly to the ransomware gang, which bypasses some laws against paying ransomware directly.
In theory, this helps with lower prices, negotiated support policies with the ransomware criminals to ensure the decryption process goes well, and they keep cryptocurrency available so the policy holding company doesn't have to scramble to get millions of dollars in crypto in a day or two.
Similar to kidnapping negotiators, ransomware negotiators often have the experience to produce a better outcome.
It would work by the "insurance" paying off established ransom groups in advance. Protection rackets aren't exactly a new invention. Whether it can work or not is entirely hinging on the uncertainty of just how fragmented the ransomware industry really is. Is it actually just one loose federation, or are multiple ecosystems existing in parallel? Do they perhaps informally agree on virtual turfs?
There was an article or discussion I believe I read on HN that discussed how kidnapping and ransom insurance reduced violent outcomes and made dealing with the kidnappers more predictable.
True, but what has made kidnapping mostly disappear is laws that make it illegal to pay a ransom. That makes it impossible to ask for help (as the police are more likely to find out) raising the ransom, and thus the total paid much less.
Nothing is perfect, but when there is no money in the crime there is much less crime. (Don't confuse less with zero!)
Sure, but GP was asking about how insurance might work. Also, I'd think lowering ransoms (by making it illegal or other means) works only if it's paired with a low probability of the kidnappers being able to enjoy the proceeds.
Kidnap, ransom & extortion insurance have been around for a while. I imagine that whatever solution those industries employ would work here. I'm also curious what that looks like, though.
Here's how I imagine it: The policy would insure up to a certain dollar amount, say $20 million, and pay directly to the insured in the event of an attack. If the ransom demand is $50 million, the insured can either pay the remaining $30 million on their own or use the $20 million to begin to repair the damage to their systems.