The problem with cyberthieves is that they tend to be a resourceful, fast-reacting bunch. So the Internet Security Alliance--an alliance of companies working with Carnegie Mellon's cybersecurity laboratory--makes the good point that any laws and regulations might quickly become outdated. But should the government sit back and do nothing to promote cybersecurity? Hardly. The alliance, in a new report, suggests several steps the government ought to take to provide incentives.  

• Enact a Cyber Safety Act by providing marketing and insurance benefits for companies that design, develop and implement cybersecurity technology, standards and practices
• Tie federal monies to adoption of designated effective cybersecurity standards and best practices.
• Leverage purchasing power of the federal government to boost the value of security contracts.
• Streamline regulations embodied in Sarbanes-Oxley, Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act, along with state regimes.
• Provide tax incentives for the development of and compliance with cybersecurity standards practices and use of technology. 
• Provide funding of cybersecurity research and development to companies. 
• Limit liability for companies that adopt best practices. 
• Create a national award for excellence in cybersecurity, akin to the Commerce Department's Malcolm Baldridge Award.
• Promote cyber insurance. 

For more:
- here's an article from Gov Info Security