> but now there's a very strong incentive to not report data breaches and have your insurance premiums go up or government regulation come down

I would argue the opposite is true. Insurance doesn’t pay out if you don’t self-report in time. Big data breaches usually get discovered when the hacker tries to peddle off the data in a darknet marketplace so not reporting is gambling that this won’t happen.