Risk transfer is characterized by shifting the financial burden of a risk to another entity. Obtaining a cybersecurity insurance policy effectively transfers the financial risk of a cyber attack to the insurance company. Adjusting security controls to enhance detection would be an example of mitigation, which aims at reducing the risk's probability or impact. Developing a response strategy falls under preparedness and mitigation, as it prepares the organization to handle the impact, but does not transfer the risk. Lastly, training employees is a preventive measure and also falls into risk mitigation; it does not transfer the risk.