In the last few years insurance carriers have shouldered expensive cybersecurity claims. To avoid some of that risk, some providers are dropping small firms with underwhelming cyber controls or exiting the market entirely.