Sounds like a terrible idea to me.<p>A good way to boost profits for insurance companies, and force everyone into CYA practices and bureaucracy - a lot like the way malpractice insurance makes doctors more conservative <i>and</i> raises prices.<p>What we need, is simply more liability for damage cause by security breaches. Companies could then decide for themselves how much to insure, and how much to invest in better technology.<p>I’d like to see damages reflect the actual harms caused.<p>If a company leaks my data and I am subjected to identity theft as a result, that company should bear the cost of remedying that.