Cyber Insurance and Ransomware

Was at an alumni happy hour a few nights ago and had an extremely intriguing conversation with someone who works at a large insurance company in their Cyber division. It seemed obvious, but I had never considered the insurance side to hackers. He said that the high level view of it is that companies will have cyber insurance that protects them against attacks. What was surprising is that these hacker groups will infiltrate a company and sit in the shadows for months while deleting backup files and plotting their attack. Then on, for example, a Saturday at 4am they'll launch a debilitating attack and effectively hold the company's data hostage. The group will then say "you have 2 hours to transfer 5 million dollars in bitcoin to this wallet". This is apperntly called ransomware. Since no one from the insurance company is working at that time, the client company is authorized to transfer the insurer's money to the hacker, which is from the insurer's offer of a 'bitcoin wallet' option for those exact scenarios. I thought this was extremely interesting and can only see the problem getting worse. Would love to hear anymore insight to this or other related points.