Software Engineering Institute | Carnegie Mellon University

Video

SEI Cyber Minute: Cyber Risk Appetite

  • September 2017
  • Publisher: Software Engineering Institute
  • Abstract

    So what is risk appetite? It is the amount and type of risk that an organization is willing to accept. In other words, risk appetite specifies value ranges for key performance indicators. Examples of these include:

    • % of failed business transactions: <2%
    • market-to-book ratio: 1.0x-1.5x
    • # of high severity compliance issues: 0
    • % customer satisfaction: >88%

    Note that risk appetites will vary widely by organization, and much like those that I mentioned, may not mention cybersecurity at all!