Fire and flood insurance protect against discrete or regional risks whereas ransomware will potentially disrupt operations globally, and actually most private insurers won't offer flood insurance to large swaths of the US because the risk has been deemed to be too high. The US gov insures against coastal flooding at GREAT expense to the tax payer.

I wonder what the biggest company is that's totally dependent on a single location (or locations in the same flood zone) and at the same time is usefully insured against such destruction.

Various providers of "cyber insurance" are right now busy getting rid of ransomware coverage because it turns out offering that isn't working for them. and yes, they do require companies to have cyber security infrastructure and audits.