Fair, but I’m not sure how much difference there is between “not negotiable” and “no rational large customer would ever choose to buy cyberinsurance from its security vendor by negotiating a liability shift in exchange for paying massively more.” This would be like buying pandemic insurance from an insurer who only sold pandemic insurance (and wasn’t backstopped by reinsurance or government support). If/when you needed to make a claim, everyone else would be in a similar position, and the claims would bankrupt the security vendor quite easily. That means everyone gets only a small fraction of their claim paid and holds the bag for the rest.
Fair, but I’m not sure how much difference there is between “not negotiable” and “no rational large customer would ever choose to buy cyberinsurance from its security vendor by negotiating a liability shift in exchange for paying massively more.” This would be like buying pandemic insurance from an insurer who only sold pandemic insurance (and wasn’t backstopped by reinsurance or government support). If/when you needed to make a claim, everyone else would be in a similar position, and the claims would bankrupt the security vendor quite easily. That means everyone gets only a small fraction of their claim paid and holds the bag for the rest.