An organization has allowed its cyber risk insurance to lapse while seeking a new insurance provider. The risk practitioner should report to management that the risk has been:

A. accepted
B. mitigated
C. transferred
D. avoided