Re: Many commentards don't understand insurance
...and unlike physical locks and doors, 'cyber' security is unseen, and very hard to audit.
In traditional insurance, if you get burgled the police will look for a forced entry. If there isn't one, you're already in shaky territory with your insurance. If the loss adjuster talks to your neighbours and they tell him/her that they've seen you leave windows open while you pop to the shops, then there's a good chance you won't get a payout at all.
To try to keep up the analogy though, if a mega corp gets hacked, it's because they've got an enormous, yet flimsy warehouse made of wood held together with gold nails. They're located in the worst possible part of town, wrong side of the tracks, etc etc. Or, maybe they've got a bomb-proof fortress in the best part of town but store so much unobtanium that they're still a lucrative target.
The thing is, unlike their physical counterparts, one's virtual presence can't be assessed by a brief look around. Further, one's virtual presence may be in the best part of town now, but at the time of the attack was the flimsy warehouse in the wrong part of town. Assessing someone's security procedures/processes etc is a long job, and only tells you what's in place at that moment.
The insurance industry doesn't need a database, it needs a certification programme. I guess one day it'll be a bit like car insurance - if you don't have a license, you can't have the insurance (or else can have it at super-high cost). If you only just got the license, you're a higher risk than someone who's had it ages, etc etc.