This is pretty scary stuff, I mean fuck, every time I see a story like that I can't help but be amazed at how incredibly insecure the services of credit card companies are, and how hypocritically they behave at every single step about security.
It's an arms race, never throw in the big guns if you want to stay ahead. I'm no expert, but this is ain't rocket science. Suppose the insurance company covers $256K worth of damages, it's useless to add more security when the damages total $192K. The insurance company would periodically (or rather sporadically) evaluate their claim requirements (ATM must have grade X lock, must weigh at least Y tonnes, etc.) and adjust for common risks (according to past cases). Between upgrading the contract to cover more risk and implementing security measures, the latter will probably have a better cost-benefit. The costs saved not doing anything beyond the minimum helps their bottom line and potentially you as well (albeit indirectly), by offering you a better deal (i.e. slightly lower interest rates) than their competitors.
This may not be exactly how the system is set up, but I think I'm not too far off.
