Q3.

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Risk management strategies define how an organization responds to identified risks. Purchasing cyber insurance is a classic example of risk transfer (also known as risk sharing). This strategy involves shifting the financial impact of a potential loss to a third party, in this case, the insurance company. The organization pays a premium, and in exchange, the insurer agrees to cover the costs associated with a cyber incident, such as data recovery, legal fees, and fines. The company does not eliminate or reduce the risk itself, but it transfers the financial consequences.