Um, most of the things you mention are good reasons why having an outside insurance agent to force you to comply with best practices is a good thing, tbh.

Keeping current on patches? Something we're always complaining ought to be in place, and roundly mock any company which is hacked for failing to do so.

One employee getting phished? Forces you to keep your anti-phishing training and automated email filters up to date and to enforce least privilege properly. If Susie in the call centre can't access anything, her being phished doesn't matter.

IDS having all its alerts switched off? Not something that ought to be happening either.

Many of these things are areas IT and IS have spent years trying to push companies toward, but companies themselves have failed to see any reason to do so. Having an insurance company demand compliance to provide coverage may actually make C-suite or board members take it a bit more seriously.

