Risk transfer means shifting financial liability or impact to another party. Cyber insurance (B) directly achieves this by covering breach-related costs. Adopting standards (A) and retaining third parties (C, D) are risk mitigation/reduction, not transfer.
“Risk transfer is commonly achieved via insurance coverage for breach costs and liabilities.”
[References: ISACA CDPSE Review Manual – Domain 1: Privacy Governance & Risk Management (Risk Treatment Options – Avoid, Reduce, Transfer, Accept)., , ]
Submit