SEI Cyber Minute: Cyber Risk Appetite
• Video
Publisher
Software Engineering Institute
Abstract
So what is risk appetite? It is the amount and type of risk that an organization is willing to accept. In other words, risk appetite specifies value ranges for key performance indicators. Examples of these include:
- % of failed business transactions: <2%
- market-to-book ratio: 1.0x-1.5x
- # of high severity compliance issues: 0
- % customer satisfaction: >88%
Note that risk appetites will vary widely by organization, and much like those that I mentioned, may not mention cybersecurity at all!