Yes, currently very few companies report paying ransom payments. When this tax is introduced the motivation for hiding payments will be even higher, and go up with the tax rate. So when you say “With each increase in tax rates, a market equilibrium will be reached where the funding of ransomware is significantly reduced” I would guess instead that reporting will go down.
Is the argument roughly, “some will evade taxes, so the policy will not work as well, and therefore is not worth implementing?”
Yes, currently very few companies report paying ransom payments. When this tax is introduced the motivation for hiding payments will be even higher, and go up with the tax rate. So when you say “With each increase in tax rates, a market equilibrium will be reached where the funding of ransomware is significantly reduced” I would guess instead that reporting will go down.
Do you think sufficiently stiff penalties for non-reporting (in proportion to the payment amount, perhaps) might address this?
Maybe, although what is “sufficient” depends a lot on the rate of catching the evaders. I don’t have a good guess as to what that rate is.