That's a very profound question.
In terms of the allocation of risk, I think the banking example is an excellent one. Not only do they have cybersecurity elements, but they also do have a substantial amount of anti-fraud, so if they see something that's out of character, it tends to trigger their fraud controls. I've always been quite impressed with that
I think we've all fallen victim to something like debit card skimming and things like that at some point. Hopefully nobody has, but I had my debit card skimmed once. I think there are some elements there.
Risk is one of those areas where it's really about how to minimize the risk. I'm not sure about risk transference. It's a challenging question. I think, in that case, the question would really be whether you are doing something that's absolutely negligent or not.
Again, that's probably a question best left to a lawyer, not to a cybersecurity engineer. It is something where—