The insurers will cotton on to the fact that companies with good data protection practices, like data minimization and auditing+pentesting your suppliers, pose a lower risk, and they will price that into the insurance products.
To companies taking out insurance, this can look like being denied coverage unless you have evidence of good practices.
But criminal statutes for gross negligence would probably also help.
To companies taking out insurance, this can look like being denied coverage unless you have evidence of good practices.
But criminal statutes for gross negligence would probably also help.