### Risk Exposure

Risk exposure is a measure of risk that is evaluated with consideration of all the risk factors. If the effect is evaluated with monetary value, risk exposure is an indicator of potential financial loss. A risk score is a common type of risk exposure.

Risk = Threat x Vulnerability

This formula is overly simplified and has been misunderstood for years. It is elaborated as follows:

- The
**Risk**term in the formula should refer to “Risk Score” or “Risk Exposure.” - The
**Threat**term in the formula should refer to “The impact of a threat.” - The
**Vulnerability**term in the formula should refer to “The likelihood of the vulnerability being exploited.” - The formula should be interpreted as
*“Risk Exposure is a function of the impact of a threat and the likelihood of the vulnerability being exploited.”*As a result, the calculation doesn’t necessarily have to be multiplication.