Every time a driver buckles up or an airbag is deployed we see the powerful influence of the insurance companies who insisted those measures become mandatory. Now, those insurers are poised to drive cybersecurity investment by insisting that organizations meet certain criteria to qualify for coverage. Still unclear is whether this will serve the cybersecurity community well, or distort strategies to protect data and networks.