Interesting post.
Cyber insurance is an odd product. It is not that expensive for what you get, but all insurance companies that sell it have extensive screening processes to ensure a company's IT infrastructure is well protected before they will cover you.
Such standards are good for the IT industry, but many IT experts are offended by being required to go through more such testing after they have been through ePCI, HIPAA, Sar-Ox and other industry- and government-mandated certification processes.
While each process is great for its focused scope, cyber insurance screening can get into the nuts and bolts of a network in ways the others have not.
Another set of eyes is always good when the insurance company has potentially huge payouts on the line.