Well, somehow, I think it will be like usual, when problems started whey will do everything to refuse payment. Doing all documentation and everything related to how to react if breach happens is not a useless job, you need to have it, not for insurance, but for yourself. It's a lot of time and efforts, but like I said before, insurance will find a way to deny your claim. One of these questionaries have requirements to have VPN, but not for employees who need connect to the office, for office itself: "to hide important information from internet providers". This is completely nuts, because all important sites use SSL, plus you don't trust your internet provider, but trust some shady VPN company?
work in healthcare here, and the requirements for cyber insurance have become so strict..because they don't want to pay out. I heard next renewal, the new requirement will be to power all systems down and melt them all into a solid block before issuing it...and even then, i'm sure they have a "solid block of systems" breach clause.