So what is risk appetite? It is the amount and type of risk that an organization is willing to accept. In other words, risk appetite specifies value ranges for key performance indicators. Examples of these include:
Note that risk appetites will vary widely by organization, and much like those that I mentioned, may not mention cybersecurity at all!