It is all about the total cost of risk. You calculate the cost of reducing your risk to some pre-agreed and acceptable level by applying preventive measures and or risk-transfer techniques (such as insurance) and you compare that to the cost of the risk you have now "avoided". Somewhere along these curves the extra cost of reducing the risk will become too expensive for the gains obtained and that is where you accept to take the remaining risk.

Simple as this may seem, it is very difficult to calculate the value of your risk at any time, so there is still a lot of guessing in this model.