What is a cybersecurity risk?

What is a cybersecurity risk? 

A cybersecurity risk is a situation where someone or something valued is exposed to danger, harm or loss (noun) or to expose someone or something valued to danger, harm or loss (verb). 

A cybersecurity risk represents the intersection of occurrence likelihood and potential impact to ascertain the appropriate level of risk an incident could expose an organization to. 

A material risk: 

  • Is where an identified risk that poses a material impact; 
  • Is a quantitative or qualitative scenario where the exposure to danger, harm or loss has a material impact (e.g., significant financial impact, potential class action lawsuit, death related to product usage, etc.); and 
  • Should be identified and documented in an organization's "risk catalog" that chronicles the organization's relevant and plausible risks.