Subsidies are used to further control the propagation of epidemic security risks as they offer users incentives to practice security investment behaviors. However, previously proposed subsidy policies have typically been studied without insurance, and it is still challenging to build effective subsidy strategies when users can transfer some of the infection loss to the insurer by purchasing insurance, because these external incentives may alter users' decisions to purchase insurance. To this end, we designed three subsidy policies in a scenario where purchasing insurance is one of the available strategies to users: under SPIns and SPInsp, the subsidies are used as the insurance funds and the risk precaution aspect of the insurance funds, respectively, and under SPInsd, a fraction of the subsidies are used to support some free-riding users with high node importance in their purchase of insurance, and the remaining subsidies are used as the precaution aspect of the insurance funds. The subsidy policies are studied with a formulated security investment game model on scale-free networks from the perspectives of the public and insurer. The results show that SPInsd can always work effectively and outperforms others in limiting the extent of an epidemic outbreak with similar or lower social costs, and without a reduction in profit for the insurer. More importantly, an interesting phenomenon emerges in the SPInsp scenario: under specific insurance parameters, the increase in subsidy funding has a negative impact on preventing the risk spread, leading to larger final epidemic sizes. In addition, the effectiveness of SPInsd on scale-free networks with larger average degree or network size and random networks are also studied. We anticipate this work can provide useful insights for policy makers with respect to design and implementation of optimal subsidy policies related to the control of epidemic security risks under an insurance scenario.