[gnidan]

You can use a securely hidden private key mnemonic (12-word, high entropy phrase) on a piece of paper, along with an offline "airgapped" computer, to sign transactions, then transfer the signed transactions to a device with internet access to publish it to the network.

That's probably the most secure method of managing keys yourself, assuming access to physical security. A good approximation of this solution is the use of a hardware wallet, which keeps the private key behind a secure enclave (USB interface, transaction signing occurs within the enclave)

There's no insurance or anything like that, either privately offered or via government regulation. The crypto market is still immature, so I wouldn't be surprised to see protections emerge in the coming decade. In the meantime, there is no equivalent to a bank for crypto assets—the best practice is currently to manage offline wallets oneself. Certainly be careful, though, user error is a big risk!