For many years, security professionals have lived by the three pillars of risk management \u2013 AVOID, TREAT, ACCEPT.\u00a0 These great tenets have served the profession well, enabling CISOs to build appropriately secure networks at a tolerable level of cost. Unfortunately, as evidenced by the litany of security breaches we have seen over the past 12 months, it\u2019s clear that the landscape is changing.\u00a0 More than ever before, security is clearly a \u2018no-win\u2019 game.\tThe high profile attackers, state-sponsored or otherwise, are one threat \u2013 but it goes deeper than this.\u00a0 The keys to the kingdom are no longer in the hands of the generals and policy makers; their decisions and discussions are enabled by email, IM and IP telephony, all of which sit firmly in the domain of the IT department and system admin \u2013 and stressed, poorly paid employees do not make the ideal custodians of such critical information. As an example, Anonymous claims to have access to every classified government database in the US, but they didn\u2019t hack them \u2013 disaffected system administrators and employees simply opened the doors for them, or sent them the access codes.\u00a0\tAs the broadening gap between our ambitions for a secure enterprise and our abilities to deliver on such a vision become self-evident, the time has come to pay equal attention to the poor cousin of risk management, \u201cTRANSFER.\u201d\u00a0\u00a0For many CISOs, risk transference is a topic that is largely theoretical as, even when a task is outsourced, the risk associated with a breach commonly remains with the data owning organisation. Cyber insurance offers a different solution.\tTheoretically, cyber insurance can enable a company to experience an information breach and avoid many of the negative financial and reputational impacts.\u00a0 This sounds ideal, yet many CISOs are still reluctant. Could it be the cost of cover, the complexity of getting the right policy or a simple lack of faith that an insurance company will pay-out when the breach actually occurs?\tJoin me at the Forrester Security Forum in\u00a0Las Vegas, and subsequently in\u00a0Paris, where we will be talking about this topic and more. \u00a0Join in the discussion using the #FSF12 (Las Vegas) and #SFE12 (Paris) hashtags.