What is a Risk?

According to the international risk management standard ISO 31000 (Source), risk is the "effect of uncertainty on objectives". Effect can be a positive or negative deviation from what is expected.

The term risk has many definitions depending on the context. One of the common definitions of risk is uncertainty (an event may or may not happen). Risk is the combination of the impact and likelihood of the event occuring. Cyber risk is a result of a threat exploiting a vulnerability.

Sometimes risks are mistaken as issues. Issues are events or problems that are already currently happening. Risks are problems that may happen in the future.

risk management

Interested in learning more?

References and resources

  • ISO 31000:2018, (2018) Risk management – Guidelines, provides principles, framework and a process for managing risk. Source
  • American College of Healthcare Executives. (2017). Leading a Culture of Safety: A Blueprint for Success. Source
  • PwC Risk in Review. (2017). Managing risk from the front line. PwC. Source
  • Wallis, P. (2012). Risk management, achieving the value proposition. Government Finance Review. Source
  • Park, K. (2015). Risk angles. Deloitte. Source
  • Perez, J. C. (2016). Assessing risk from vendors and other third parties is key to business success. Qualys Blog. Source
  • The Institute of Internal Auditors. (2014). Managing third-party risks. Source