Secure Controls Framework

What is a cybersecurity risk?

Direct Answer

Used as a noun, a cybersecurity risk is a situation where someone or something valued is exposed to danger, harm or loss. Used as a verb, to risk is to expose someone or something valued to danger, harm or loss.

A cybersecurity risk represents the intersection of the likelihood of occurrence and the potential impact, which is used to ascertain the appropriate level of risk an incident could expose an organization to.

A material risk:

  • Is an identified risk that poses a material impact;
  • Is a quantitative or qualitative scenario where the exposure to danger, harm or loss has a material impact (e.g., significant financial impact, potential class action lawsuit, death related to product usage, etc.); and
  • Should be identified and documented in an organization's "risk catalog" that chronicles the organization's relevant and plausible risks.