This Content Component encountered an error
Definition

business risk

Contributor(s): Ivy Wigmore

A risk, in a business context, is anything that threatens an organization's ability to generate profits at its target levels; in the long term, risks can threaten an organization's sustainability.

Business risks are broadly categorized as pure risks, which are negative events over which the organization has no control, and speculative risks, which are potential effects of actions taken and choices made that may have positive and/or negative effects. Another model categorizes business risks as internal (resulting from events with the organization) and external (resulting from events occurring outside the organization).

According to security expert Shon Harris, once a business risk has been identified, an organization has four options: transfer it, avoid it, reduce it or accept it.

Risk analysis programs are designed to help an organization deal as effectively as possible with existing or potential threats. The four main elements of risk analysis are:

  • Identifying corporate assets and assessing their value.
  • Identifying vulnerabilities and threats to the security of those assets.
  • Quantifying the probability of those threats and their potential impact on the business.
  • Compare the potential economic impact of the threat versus the cost of the countermeasures required to protect the organization from it.

See also: Types of enterprise risk

 

This was last updated in October 2014

Continue Reading About business risk

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close