Sure, maybe I was a bit too unclear. Of course the services should have implemented security (like banks don't have to be Fort Nox, but still do have some security implementations). But I'm still wondering why there seems to be no communication with the insurance industry. There's IMO enough money involved to build a contract. I'm just imagining how users will react on a service which might not be the cheapest, but covered against hacker theft by an insurance (which implies massive security implementations).