The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Definition, Cybersecurity

Cybersecurity risk

Edit

Definition[]

Cybersecurity risk is

[t]he risk to organizational operations (including mission, functions, image, reputation), resources, and other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or IT and ICS.[1]

Overview[]

"The risks associated with any attack depend on three factors: threats (who is attacking), vulnerabilities (the weaknesses they are attacking), and impacts (what the attack does). The management of risk to information systems is considered fundamental to effective cybersecurity."[2]

"Similar to financial and reputational risk, cybersecurity risk affects a company's bottom line. It can drive up costs and impact revenue. It can harm an organization's ability to innovate and to gain and maintain customers."[3]

References[]

  1. Electricity Subsector Cybersecurity Risk Management Process, at 62.
  2. Cybersecurity Issues and Challenges: In Brief, at 2.
  3. NIST Cybersecurity Framework.

See also[]

Community content is available under CC-BY-SA unless otherwise noted.
Advertisement