
Normally we want relative risk to be relatively judged. Network and information security risks are always relative and therefore more appropriate for an insurance policy or the insurance industry to deal with than the police.

I had reason to ponder this at greater length once when I was asked if I would not want to punish someone who hacks my own computer - the problem is, I guess, that my computer's hackedness would depend entirely on how skillfully I protected it.

Unauthorized computer access is probably the only crime which is only a crime when it is performed by a sufficiently skilled perpetrator against a sufficiently skilled victim. If you are too dumb of a victim - for instance, you have forgotten to lock the screen on your computer - you aren't even a victim of unauthorized access, even though of course the access could have taken place anyway, unauthorized or not. I think most people would also intuitively understand why it doesn't merit 2 years in jail to have opened the lid of an unlocked laptop or phone.

In the insurance industry all of these things would be kind of cost-dependent risk assessments - we would do relative compensation for relative risk.

So I guess what needs to be done is for more people to feel more happy about insurance companies :P