The cyber insurance universe is still in its infancy. There will be many changes over the next couple years on the coverage, reaction procedures, premium pricing, and claim stipulations. I also would love to see a standard structure and terminology of what risks are covered under what policies.
ISMG recently did a podcast to look at why the market for cyber insurance among small business is struggling and it's an interesting listen.
One of the quotes I love from it is "there is a permanent residual risk of just being on the internet".