Answer :
Purchasing cyber insurance is an example of a risk transfer strategy as it offloads the financial consequences of cyber incidents to an insurance company. Therefore, the correct answer is option c) Purchasing cyber insurance.
Risk transfer involves transferring the risk to another party who will bear the consequences in the event of an undesired outcome. By purchasing cyber insurance, an organization transfers the financial risk associated with cybersecurity breaches and incidents to the insurance company. This differs from strategies such as implementing firewalls and antivirus software, providing security awareness training, or implementing access controls, which are all methods of risk mitigation rather than risk transfer.
