Hack me if you can
> cyber insurance has two selling points as far as politicians and political policymakers are concerned: insurance could help limit the financial damage to organisations hit by ransomware, while due diligence by insurers and their brokers could help force relative slackers to adopt better security hygiene.
And as far as businesses go, the advantages of cyber insurance are that it is quick to implement and it looks like the board of directors is taking the problem seriously.
In reality it provides a way of protecting the business without having to make any significant technical changes. I have a sneaking suspicion that there is a high correlation between businesses that do not employ techies (and their managers) who are capable of keeping an installation secure and those outfits that are most likely to be hit by ransomware.
So insurance probably works out cheaper than hiring talent and financing all the improvements that those experts and best-practice exponents would require.
Cheaper, that is, right up until the time when the company gets hit and discovers that their insurance won't pay out as the insured company only paid lip service to the terms and conditions. (And then, it's probably still cheaper to give the CIO a severance package than to make the necessary changes.)
Maybe cyber insurance providers should employ their own teams of hackers, ones who will demonstrate the security, or lack of it, by test-hacking their customers before providing insurance to them?