I for one think this is a brilliant idea.
New policies are being created to insure from cyber thefts and attacks. This isn't new. Organizations will decide if they need to insure against this type of scenario.
As part of the process, the insurer with their acquired security firm, would provide audits, analyze risks, adjust premiums accordingly... All while collecting the premium, but also up-charges or additional revenue from consulting, the audit's, hardening, etc...
It could be just another arm to an AIG or Zurich.
This doesn't sound great as a mere person, that you have to spend more. But for a business, or large organization, a necessary evil. For the insurer, another form of revenue.