I insure a bunch of big datacenters (crypto mining, AI); there are really two main drivers of cost of insurance per $ of equipment:

1) Internal risks and controls within the datacenter (the company involved and their operating history, fires, flood, etc,) -- for a sufficiently "good" datacenter, you can assume it gets maxed out in quality, or at least to the point where it's no longer efficient to spend more. Most of these risks also cause service disruptions, so if you're building for high availability anyway, the rest of this stuff is usually handled as part of that. Essentially, if you're too cheap to build a good enough datacenter to max this out, you're not getting insurance anyway in most cases, so it's not a variable factor so bunch as binary or maybe a few broad risk bands (ISO tier for datacenters).

2) External risks. This is mostly natural catastrophe ("nat cat" or "cat risk"); usually there's one dominant driver of that ("severe convective storms" in Texas; floods and hurricanes in places like Florida; earthquakes in California). In some places it's multiple risks (Japan has both earthquake/tsunami and typhoon). This drives the majority of insurance premium.

War risk, geopolitical, political risk, terrorism, SRCC ("strikes, riots, and civil commotion") are in a third category -- often essentially not a factor (e.g. for a $200mm facility in rural Texas), but often handled through special programs at a national level or specialty insurance. A lot of normal policies exclude or let the client buy-back that part of the risk.

As my personal interests in war zones, drones, etc. and professional interests in crypto, AI, and datacenters seem to have converged, looking forward to seeing "quality of air defense artillery/integrated air defense system" as well as "comprehensive quick reaction force capable of dealing with national-level threats" as elements of insurance underwriting for $50B AI datacenters/"AI factories" in the future. I assume in most cases this kind of stuff will be handled by national, military, defense, or civil defense parts of the government, but could easily be contracted as well. I don't think Oracle Cloud is likely to stand up their own private army though.