Cybersecurity requires well-thought-out regulation that avoids attempts to centrally control technology development and fetishize procedures in the form of a security theater. Significant investment in cybersecurity is needed, including on the business side, yet the state should be restrained in dictating detailed solutions. Our report suggests considering an Anglo-Saxon approach to regulation by streamlining liability for damages in cyber incidents. In this way, market forces can be harnessed to discover what detailed solutions will most effectively enhance security.