Cyber Risk
Also known as: Cybersecurity Risk, Information Security Risk
The potential for financial loss or operational disruption from attacks on or failures of digital systems, networks, and data.
Definition
Cyber risk refers specifically to risks arising from vulnerabilities in information technology systems, including networks, software, hardware, and the data they process. It is a subset of the broader category of digital risk, focused on the technology layer rather than business model or reputational exposure.
Cyber risk is quantified by impact (what damage would result if a vulnerability is exploited) and likelihood (how probable exploitation is given existing controls). Risk management approaches include technical controls, cyber insurance, vendor assessments, and employee security training.
Example
A company's customer portal runs on software with a known unpatched SQL injection vulnerability. The cyber risk is high because the vulnerability exists, is publicly known, and exploitation would expose customer payment data.
Important Distinctions
Cyber risk is narrower than digital risk. A business that is heavily dependent on Google search traffic for revenue faces significant digital risk from algorithm changes, but this is not cyber risk, because there is no vulnerability being exploited. Understanding this distinction helps prioritize the right mitigation strategies.