What is a cybersecurity risk?
A cybersecurity risk is a situation where someone or something valued is exposed to danger, harm or loss (noun) or to expose someone or something valued to danger, harm or loss (verb).
A cybersecurity risk represents the intersection of occurrence likelihood and potential impact to ascertain the appropriate level of risk an incident could expose an organization to.
- Is where an identified risk that poses a material impact;
- Is a quantitative or qualitative scenario where the exposure to danger, harm or loss has a material impact (e.g., significant financial impact, potential class action lawsuit, death related to product usage, etc.); and
- Should be identified and documented in an organization's "risk catalog" that chronicles the organization's relevant and plausible risks.