Many commentards don't understand insurance
Look at your fire insurance policy; it will exclude, for example, acts of war. The last time Britain got into a big war, half [sorry, lots of] the houses in London caught fire. No insurer can actually pay out that scale of losses, so they exclude them from the risk covered. Somebody else, the insured or the Government, has to bear these risks.
The insurance spokesman no doubt understands this about insurance, but does not understand cyber security. It is perfectly possible to insure against the odd idiot who leaves a laptop in a taxi, because this is standard idiot behaviour and the industry has lots of data on that. But cyber attacks are much more like warfare, in that people are actively working to create losses. If some unknown vulnerability is discovered and exploited, half [sorry, lots of] the companies in Britain could suffer big losses. The insurers cannot actually pay out for this, and last year's data on cyber attacks is pretty much useless for predicting next year's losses due to new kinds of attacks.
So the insurers want data that actually won't help them, and that will create new risks. The insurers will either have to become cowboys, making promises that they cannot honour, or will have to exclude liability for most active attacks. That would rather defeat the purpose of cyber insurance.