Example: Given information on two threat types in the table below, an organization should prioritize protection against Threat 2 because its risk, which we calculate to be 0.02 * 550,000 = 11,000, is greater than the risk imposed by Threat 1, which is 0.91 * 10,000 = 9100, despite Threat 1's probability to occur being much higher:
Threat | Probability of Happening | Cost of Damage |
---|---|---|
Threat 1 |
0.91 |
$10,000 |
Threat 2 |
0.02 |
$550,000 |
Fun Class Activity: Which two of the following three threats should receive a company's greatest attention?
Threat | Probability of Happening | Cost of Damage |
---|---|---|
Threat X |
0.36 |
$100,000 |
Threat Y |
0.59 |
$89,000 |
Threat Z |
0.21 |
$250,000 |