Risk appetite isn’t a term that comes up a lot in the security trade media. This is interesting, because understanding risk appetite is a crucial factor in developing acceptable security programs, communicating value, and aligning the function with the goals of the business — all of which are talked about in security circles all the time. So what is risk appetite?
“One definition is the limit of how much risk – in an absolute sense – you want to take,” said Gregory Niehaus, professor of Finance and Insurance at the University of South Carolina’s Darla Moore School of Business, during last month’s Next Generation Security Leader development program session. “An alternative view, one that I prefer, recognizes that you engage in risky activity because of the good results. We take risk because we expect a return.”