Risk exposure is a measure of risk that is evaluated with consideration of all the risk factors. If the effect is evaluated with monetary value, risk exposure is an indicator of potential financial loss. A risk score is a common type of risk exposure.
Risk = Threat x Vulnerability
This formula is overly simplified and has been misunderstood for years. It is elaborated as follows:
- The Risk term in the formula should refer to “Risk Score” or “Risk Exposure.”
- The Threat term in the formula should refer to “The impact of a threat.”
- The Vulnerability term in the formula should refer to “The likelihood of the vulnerability being exploited.”
- The formula should be interpreted as “Risk Exposure is a function of the impact of a threat and the likelihood of the vulnerability being exploited.” As a result, the calculation doesn’t necessarily have to be multiplication.