I would thnk so. Ransomware is a pretty well established risk. Before the insurance pays out you need to have taken all reasonsable steps to avoid the incidnt in the first place. If they'd done that then almost certainly they wouldn't have an incident in the first place.
Usual suspects -
No money for training of staff on phishing or spotting other malware
Basic AV only
Internal network flat because reconfiguration would cause downtime
Servers and desktops unpatched for the same reason
No internal IT staff other than screwdriver techs
Backups either unprotected so encrypted as well or non-functional because they've never been tested
If any of that is the case they'll get fuck all money. Still not to worry it's still IT's fault somehow.