Some kinds of insurance are mandatory: a no-brainer example would be car insurance.
Some are optional, like income protection or travel insurance. And, of course, they are of no practical help until that fateful day when they are and you thank yourself for signing up in the first place, right? Well, some people are more risk averse than others and whatever you decide is fair enough assuming you have thought it through.
When it comes to cyber-insurance for your business (and many other types of business insurance) ask yourself this:
Have you assessed ALL risk in the business? Actually, identified what the risks are? Listed them? Assessed the consequences?
Cyber-attacks are very real and not remotely enjoyable. This guide from the National Cyber Security Centre gives you an overview of what to look for and how to approach gaining such insurance.
Crucially, it makes it very clear having such insurance does not magically make your business immune from attack (!) nor should you put off ensuring that your IT systems, data, devices and humans are prepared for interaction online. What it does provide is support if something terrible happens and assuming you have taken out appropriate levels of cover, that you will ride the storm and survive.