It's even worse. Big companies are creating their own (captive) insurance firms : https://www.sueddeutsche.de/wirtschaft/cyberrisiken-cyberversicherung-basf-airbus-michelin-miris-1.5...

Article is in german but online translation features should help 🙂

In 2018, few were listening when Warren Buffett was asked if his insurance companies would get into cyber insurance. His answer was a clear no. 

“We don’t want to be a pioneer on this ... I think anybody that tells you now they think they know in some actuarial way either what [the] general experience is like in the future, or what the worst case can be, is kidding themselves.” (source : https://www.cnbc.com/2018/05/05/warren-buffett-cybersecurity-risk-is-uncharted-territory-its-going-t...)

He wasn't wrong and those pioneers are now eating their shorts.

If you're a security professional today and you're not explaining to your principals that ransomware is not insurable, you should ask yourself serious questions.

Yes, as an insurance agent I have had this come up a lot with clients’ Cyber liability renewal premiums….. significant increases. 
I am looking to change careers and I am doing the CC self-paced training.

At what point in the fulcrum does it make sense to not get cyber insurance? If criminals know that if you have insurance they will get paid, will they be less likely to go after you if you don't have insurance?

I know our premiums went up 62% and at some point the money we spend on premiums could buy us some nice security tools. If the insurance companies keep carving themselves loopholes in the  policies where they don't have to pay, then does having cyber insurance become a "check box" activity that you do have it? It may be worthless, but you are "insured".