Risk transfer involves shifting the potential impact of a risk to a third party, commonly through insurance. Purchasing cybersecurity insurance is a textbook example of risk transfer, as noted in the CISM Review Manual. While utilizing third-party applications may involve outsourcing, only insurance directly transfers the financial impact of risk.
[Reference:ISACA CISM Review Manual, 16th Edition, Page 151, "Risk Response Options – Risk Transfer"., , ]
Submit