I am not sure, how exchange management will convince insurance company if such case gonna be actual. For example, finding hacker group and paying them for hacking their own exchange after giving vulnerable gaps on site. Maybe someone can explain how does this mechanism work?