Risk Management

Example: Given information on two threat types in the table below, an organization should prioritize protection against Threat 2 because its risk, which we calculate to be 0.02 * 550,000 = 11,000, is greater than the risk imposed by Threat 1, which is 0.91 * 10,000 = 9100, despite Threat 1's probability to occur being much higher:

Threat Probability of Happening Cost of Damage
Threat 1
0.91
$10,000
Threat 2
0.02
$550,000

Fun Class Activity: Which two of the following three threats should receive a company's greatest attention?

Threat Probability of Happening Cost of Damage
Threat X
0.36
$100,000
Threat Y
0.59
$89,000
Threat Z
0.21
$250,000