Any business that uses a computer should have Cyber Insurance. It used to be more for businesses that held Personally Identifiable Information (PII) including credit cards, checks, social security numbers, bank information, drivers licenses, medical information covered under HIPAA, or confidential corporate information. The insurance covers the 1st party costs of IT forensics, notifying customers affected, credit monitoring costs, PR costs as well as 3rd party costs or the costs to defend and settle claims related to a breach of PII. Policies also cover ransomware events, the resulting business interruption, the cost to rebuild your network, as well as potentially paying the ransom. With a huge increase in ransomware as well as social engineering/financial fraud/crime claims, this coverage is important for all businesses, especially small businesses.
Here are two great resource to reference: https://prowritersins.com/cyber-insurance-blog/is-cyber-insurance-worth-it/