A small tech startup is assessing the various risks to their operations and has determined that while some threats could be costly, they lack the immediate resources to fully mitigate every potential risk due to budget constraints. Which risk management strategy is MOST appropriate for the startup to use for non-critical systems that still pose a potential financial loss if compromised, given their current situation?
Accept the risk and focus resources on critical systems.
Mitigate the risk by investing in comprehensive defensive measures for all systems.
Transfer the risk by purchasing cyber insurance for non-critical systems.
Avoid the risk by discontinuing the use of non-critical systems.