If a card data incident happens, you’ll rely solely on your own reserves or separate insurance for fines, forensics, and notifications. In other words, you remove a built-in financial buffer that’s already aligned with how card brands handle breaches.