According to the survey, two-thirds of respondents said they have either begun or are planning to insert liability clauses into contracts with their third-party providers.
As the Internet of Things expands, these kinds of contracts are likely to become more frequent, Wysopal said, with each industry seeing its own specific nuances.
"There is little risk due to my weather application on my mobile device, but there might be a lot of risk to something controlling critical infrastructure or a medical device or a self-driving car," he said. "Software that's life and death has to be near perfect. We're going to see that with the Internet of Things we're going to have real safety issues involved -- it's not just information anymore."
It's also not clear whether the pressure for change will come from regulation, lawsuits, or from cyberinsurance, he said.
"There's no clear answer yet," he said. "But the direction we're heading in is that for different levels of risks different standards of care are going to be required."
And cyberinsurance itself is likely to get more specialized as well, moving away from the generic policies often written today.
"A software company will have one kind, a consumer company will have another kind, a bank will have another kind," he said.
Today, according to the survey, a majority of listed corporations already have cybersecurity insurance. But, of those, only 35 percent specifically insure against software coding and human errors that can lead to loss of sensitive data.