I prefer leaving things to the market as much as possible.
I think most organizations have an interest in key recovery, at least with respect to stored data.
While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.
Generally I'm against regulation.
However, leaving everything to the market is not necessarily good for society.
Although cyber attacks have caused billions of dollars in damage and affected the lives of millions, few if any can be characterised as acts of terrorism.