September 2, 2016 7:00:00 AM EDT  |  Risk Management

What is Risk Appetite?

The insurance industry uses the term “risk appetite” to describe the level of risk that an organization is willing to accept. An essential first step in managing corporate security and resiliency is determining your firm’s risk appetite.

Risk appetite is defined as the amount of risk exposure that an organization is willing to accept as a normal course of business. Tolerance for risk exposure can vary greatly from one company to another, and among different industry segments.

As a precursor to establishing an effective risk management program, it’s essential for a firm to determine its risk appetite. This can be done using a baseline analysis that accounts for a combination of threats, vulnerabilities, consequences, and readiness.

It’s interesting to note that often a company’s appetite for risk doesn’t match its actual exposure. In other words, companies are often unaware that their risk exposure is significantly greater than their actual tolerance for that risk.

Assessments, training, and exercises are all excellent ways to expose those gaps and establish focus points for adjusting your firm’s security posture to align with its risk appetite.

About the Author

Matt Davis

Matt Davis has been a project/program manager in the U.S. Government space for 14 years, and has managed both large and small teams. He served over seven years in the U.S. Army while earning a Master's Degree in Business Administration. After the military, he earned several industry certifications to include: PMI-PMP, PMI-RMP and PMI-ACP. He loves challenging himself to learn new ways of doing things. Matt believes that working with people is probably the most important thing he does, and that it is a beautiful thing when a group of people can work together toward a common goal.