Risk management must involve risk reduction, risk transference by contract, and risk transference by insurance. Reducing external risks includes those threats from fire, flood, smoke, lightning, malicious attack, and intruders. Risk transference involves the examination of every point of contact between the computer operation and the outside world where there is a contractual relationship, such as contracts with computer manufacturers, lessors, maintenance engineers, suppliers, and clients. Risk transference by insurance should include loss or damage, breakdown caused by a power failure, employee dishonesty, and employee error. The paper details the types of insurance coverage which may be obtained with respect to material damage, consequential loss, and legal liabilities. Diagrams are included.