Which risk response involves transferring risk to an external party such as insurance?

Transferring risk to an external party, such as through insurance, is a risk transference approach. The idea is to shift the potential financial impact of a threat to someone else. When you buy an insurance policy, you pay a premium and the insurer assumes the financial consequences of a covered incident up to the policy limits. This doesn’t remove the risk itself, but it changes who bears the cost if the risk materializes. This differs from reducing risk, which uses security controls and safeguards to lower either the likelihood of an event or its impact. It also differs from accepting risk, where you acknowledge the risk and decide not to take action, and from avoiding risk, where you change plans or avoid the activity altogether to eliminate the risk. Insurance is the classic mechanism for shifting exposure to another party while you maintain the ongoing activity.