Certified in Risk and Information Systems Control (CRISC) — Question 1365
An organization operates in an environment where the impact of ransomware attacks is high and the likelihood is low. After quantification, the impact of the risk associated with ransomware attacks is found to exceed the organization's risk appetite and tolerance. Which of the following is the risk practitioner's BEST recommendation?
Answer options
- A. Ensure business continuity assessments are up to date.
- B. Obtain adequate cybersecurity insurance coverage.
- C. Obtain certification to a global information security standard.
- D. Adjust the organization's risk appetite and tolerance.
Correct answer: B
Explanation
The best recommendation is to obtain adequate cybersecurity insurance coverage, as this can help mitigate the financial impact of a successful ransomware attack. Ensuring business continuity assessments are current is important but does not directly address the financial risks. Certification to a global security standard may enhance security posture but does not provide immediate financial protection, and adjusting risk appetite does not solve the underlying risk exposure.