The price of providing a basic level of security should be priced into the product!
The question is whether that is all that would be priced in, or whether the insurance industry, given a rich new feeding ground, would charge huge rates for many types of device in case of catastrophic failure.
My car insurance probably costs me several times the value of my car each year, because I am required to have cover for third party losses as well. That remains true even though I've been driving for a long time and never made a claim so far, because in the nature of insurance, they are guarding against the relatively rare possibility of a relatively high payout.
What happens when your $100 office software package now has mandatory insurance in case each installed instance costs the business $200 in lost revenues from downtime after a breach, or $2,000 in average compensation when a vulnerability leads to personal data being illegally disclosed?
The question is whether that is all that would be priced in, or whether the insurance industry, given a rich new feeding ground, would charge huge rates for many types of device in case of catastrophic failure.
My car insurance probably costs me several times the value of my car each year, because I am required to have cover for third party losses as well. That remains true even though I've been driving for a long time and never made a claim so far, because in the nature of insurance, they are guarding against the relatively rare possibility of a relatively high payout.
What happens when your $100 office software package now has mandatory insurance in case each installed instance costs the business $200 in lost revenues from downtime after a breach, or $2,000 in average compensation when a vulnerability leads to personal data being illegally disclosed?