Certified in Risk and Information Systems Control (CRISC) — Question 1023

An organization has purchased insurance coverage against potential unauthorized disclosure of personal data. What should be expected as a result of this risk response?

Answer options

• A. Reduced impact of a data breach
• B. Removal of the scenario from further analysis
• C. Reduced likelihood of a data breach
• D. Increased tolerance against a data breach

Correct answer: A

Explanation

Choosing insurance coverage will lead to a reduced impact of a data breach because it provides financial support and resources to address the consequences of such incidents. However, it does not eliminate the risk or likelihood of a breach occurring, nor does it remove the scenario from consideration in risk assessments. Additionally, it does not increase tolerance, as tolerance refers to the willingness to accept risk rather than a response to it.