Application Security Terminology

Glossary

Risk Exposure

Risk exposure is the measure of potential future loss resulting from a specific activity or event. An analysis of the risk exposure for a business often ranks risks according to their probability of occurring multiplied by the potential loss if they do. By ranking the probability of potential losses, a business can determine which losses are minor and which are significant enough to warrant investment.

There are two categories of risks: pure risks and speculative risks. Pure risks are unexpected risks that cannot be controlled, such as unexpected death and natural disasters. Speculative risks are voluntary risks that have an uncertain outcome, such as business investments or new product introductions. When things go wrong, speculative risks can result in losses such as brand damage, compliance failures, security breaches, and liability issues.

To calculate risk exposure, analysts use this equation: (probability of risk occurring) × (total loss of risk occurrence) = risk exposure.

Read about how WhiteHat Security Index can track data to measure your risk exposure over time.