What would be an example of an organization transferring the risks associated with a data breach?

What would be an example of an organization transferring the risks associated with a data breach?
A . Using a third-party service to process credit card transactions.
B. Encrypting sensitive personal data during collection and storage
C. Purchasing insurance to cover the organization in case of a breach.
D. Applying industry standard data handling practices to the organization’ practices.

View Answer

Answer: C

Explanation:

Reference: http://www.hpso.com/Documents/pdfs/newsletters/firm09-rehabv1.pdf

Purchasing insurance to cover the organization in case of a breach. By purchasing insurance, the organization can transfer the financial risks associated with a data breach to an insurance provider. This is a risk management strategy that can help an organization mitigate the financial impact of a breach.

Transferring risk means shifting some or all of the potential losses or liabilities associated with a risk to another party2. Purchasing insurance is one way of transferring risk, as it allows the organization to share the financial burden of a data breach with an insurer. The other options do not involve transferring risk, but rather reducing, avoiding or accepting it.