Difference between revisions of "Risk Tolerance"
(Created page with "===Other Material=== * The wiki page on Privacy Risk shares some content with this page as privacy risk is becoming a significant factor in Conduct Risk. * The wiki pa...") |
(→Other Material) |
||
| Line 1: | Line 1: | ||
| + | ==Full Title or Meme== | ||
| + | The amount of risk an entity is willing to take to earn a reward. | ||
| + | |||
| + | ==Taxonomy== | ||
| + | |||
| + | '''Risk Appetite''' the level of uncertainty a company is willing to assume given the corresponding reward associated with the risk. A company with a high-risk appetite would be a company accepting more uncertainty for a higher reward, while a company with a low-risk appetite would seek less uncertainty, for which it would accept a lower return. | ||
| + | |||
| + | '''Resilience''' the ability to recover from an unexpected problem. | ||
| + | |||
| + | '''Time Frame''' the amount of time for which a risk calculation is made. If the probably of devastating cyber-attack is 1 % per month, that works out to 3 % per quarter, 12% per year (number rounded for simplicity). As it can be seen if an executive needs to get a good quarterly result to earn a bonus, she has little incentive to spend money to reduce risk with a low near-term probability. | ||
| + | ==References== | ||
| + | |||
===Other Material=== | ===Other Material=== | ||
* The wiki page on [[Privacy Risk]] shares some content with this page as privacy risk is becoming a significant factor in [[Conduct Risk]]. | * The wiki page on [[Privacy Risk]] shares some content with this page as privacy risk is becoming a significant factor in [[Conduct Risk]]. | ||
Revision as of 22:39, 31 December 2022
Full Title or Meme
The amount of risk an entity is willing to take to earn a reward.
Taxonomy
Risk Appetite the level of uncertainty a company is willing to assume given the corresponding reward associated with the risk. A company with a high-risk appetite would be a company accepting more uncertainty for a higher reward, while a company with a low-risk appetite would seek less uncertainty, for which it would accept a lower return.
Resilience the ability to recover from an unexpected problem.
Time Frame the amount of time for which a risk calculation is made. If the probably of devastating cyber-attack is 1 % per month, that works out to 3 % per quarter, 12% per year (number rounded for simplicity). As it can be seen if an executive needs to get a good quarterly result to earn a bonus, she has little incentive to spend money to reduce risk with a low near-term probability.
References
Other Material
- The wiki page on Privacy Risk shares some content with this page as privacy risk is becoming a significant factor in Conduct Risk.
- The wiki page on Privacy Tolerance speaks to a particular area where Conduct Risk can help select an appropriate acceptance level for risk.
