Actuary cow dung
Methinks an anonymous FTP account being "left open" really requires more investigation to see who *actually made the mistake. Isn't insurance for "unforseeable" things... like mistakes?
Anyway, HTF can an actuary take into account insurance *risk when using... oh, for example only... a Microsoft server which over the last 5 years there has been 100+ security flaws discovered, exploited and "patched"?
You drive car knowing full well somewhere along the line the chances of getting a flat tire is big enough to buy road side assistance. Seems like these "security insurance" co's are just low-balling thier rates to get business... ignoring the eventual "return of the cows".