One example - startups that are looking to sign large enterprise contracts are often prevented from doing so because they don't carry a sufficient level of errors and omissions (E&O) insurance to satisfy customer requirements.
Getting that level of coverage can be difficult because few people on the insurance side really understand how to price software/security risk, and because the size of the contract isn't meaningful to the seller of the policy, though it is critical to the startup in question.
That seems straightforward to do (although it is difficult finding great developers to assess this stuff):
- Development process (Agile, Scrum, Waterfall, Panic, etc.)
- Architecture
- Testing processes
- Pentesting
- Credentials of all of the developers
- Credentials of the managers
- Even the presence of physical security
There's already "cybersecurity" insurance and surely someone from that industry could join and tell you how to price security features and processes: https://www.dhs.gov/cybersecurity-insurance
I can't really speak against it not being worth it for the insurance company though. How do you build a cheap but high coverage insurance product for startups that have limited cash?
Effectively if you take any kind of risk it involves insurance. A concrete example is starting a company and quitting your job. Health insurance is currently heavily tied to employment, so the incentive is not to start a company under those circumstances.
Not just startups, consumer-facing and B2B services as well.
"These tires are going to travel places other than roads and the sidewalls will be shredded by the terrain long before they fail from dry rot, I don't care if they're too old to have a date code, just mount the damn things."
"Our insurance policy prevents us from mounting anything over 10yo"
And that level of BS is nothing compared to overhead lifting.