But my IT provider says no

Even with the best IT in the world, human error and bad stuff still happens. When you install fire extinguishers in your building - you still want insurance in case it burns to the ground. The same with IT, an effective IT provider who installs good preventative systems is some of the best protection you can have. The cover is designed to support IT provider not undermine them. In the event of a claim your IT provider is one of the first people we will call to provide assistance (and yes they get paid for their time). Don't forget that the cyber policy provides cover for loss of income (and additional expenses) resulting from not being able to run your systems. While your IT provider will do his or her best to get your back up and running, there is always going to be down time which can last hours or days.

Ask your IT provider this

How long will it take to be back up and running following a hack or server failure?
Can we run a drill to see how long it would take to assess the risk?
Would this timing be the same for all events, including hardware failure?
Will do you the recovery work for free?
Will you pay the loss of income or other increase costs incurred while the business is down?
If I don’t take cyber insurance will you agree to take on and pay for the above risks?