Re: I saw one of these proposals recently
Mr. Greenwood's post makes a critical point. The reason this "was/is not unexpected" reflects the inherent nature of the insurance business. The insurer needs a sufficient base of data to be able to predict the probable outcome with a high degree of precision and confidence.
And, in this regard, cyber insurance is not simply new. . .the nature of the risks and losses it deals with are radically different in kind from any other activity. Using auto liability as a analog (admittedly a poor and trivial one, but the best I can come up with at the moment) writing a cyber insurance policy is like trying to ensure a fleet of cars where the number, location, and design of the road system, and the size, numbers, as speed limits of the vehicles for any given span of time can vary by orders of magnitude, in ways that cannot be predicted, and where 90% of the drivers are unlicensed.
To be economically viable insurance coverage must be limited to those risks and losses that can be reliably predicted based on hard statistical data. Given the reality of the global cybersphere, that means limiting the coverage to virtually nothing.
It's crystal clear that this is headed down the same path as Affordable Health Care. Companies and individuals are going to be required to have cyber insurance, the terms and condition of which will allow the insurance industry to extract high profits for insuring very little in practical terms.