[atmosx]

The "economist" proposed a solution: tire cyber-security incidents to the stock market. The approach proposed was something akin to "have someone count and display the incidents of each company and blast radius". I'm not sure if this would actually work.

[tremon]

The other capitalist option is to make cybersecurity insurance mandatory, and impose high fees both to reimburse victims and to some government watchdog/agency (yes, government watchdogs and capitalism can co-exist). Then, it will be in the insurer's best interest to have clients with adequate cybersecurity implementations, and the market can sort it out.

At the same time, we should make sure that any insurance company that chooses to pay the criminals instead loses their license to operate.

[mr_toad]

I think that the moral hazard associated with insurance would just make the problem worse.