There are a handful of problems with this approach, which is part of why these types of insurance policies are incredibly expensive. The entire MO of these operations is to infect a company's systems, and wait until most or all of the backups are affects before locking the system down. They will wait months or for bigger targets, years.
That doesn't help. The system is already infected when the backups are taken, therefore the backups are infected. That's why these criminal organizations wait months until actually locking your system down, so that your oldest backups are deleted by retention policy. If they have access to your system and can figure out what your backup retention policy is, they'll set it to go off at the point when all your backups are infected.
For a concrete example, someone could infect an image storing service with code that encrypts (and silently decrypts) the data when it's stored / retrieved. When the hacker removes the decryption key from the running service, the backups will also be inaccessible because they are also encrypted.
Are user accounts data or systems? Compromise of AD is a very common means. This said this can still be fixed before putting it back where it could reach the internet and cause trouble.
No reason such an insurance company couldn't be run in the early/mid 20th century manner, entirely with paper records. Send carbon copies of all documents to two remote locations to eliminate the threat of a fire wiping out the records.
This is easy. It requires you to hire a lot of human clerks, but since the customers are large businesses that means there aren't a whole lot of customers in the first place. And if you can't get enough typewriters, there's no reason the clerk work couldn't be done on computers connected to printers, with all document storage still being done on paper. If the computers get pwned, throw them out and buy new ones; it doesn't matter because the documents weren't being stored on those computers.
The dumbest take of companies was assuming insurance companies would keep paying their ransom because they were thinking fixing their networks was less important