“Attestations will become a thing of the past, and policy holders will need to prove, with proper documentation, that the controls they say are in place are truly there. The burden of proof will be on the entity, not the insurance company, to prove the controls in the policy were being followed prior to a breach.”
Source: The future of cyber insurance: What to expect in 2022 | Security Info Watch