Ardua's Risk Formula

What is Risk?

Risk can be an overused term, but what does it mean? Let’s break it down.

Risk is a function of Threat (who/what) × Vulnerability (how) × Consequence (how much).

Risk is the result of a threat that exploits a vulnerability and causes damage.

The less risk, the better you sleep at night. Security is a moving target, so it is impossible to be 100% secure, but it is possible to reduce your risk to the smallest acceptable level.

Threat is the "who" or "what" that is capable of causing harm. Human threats may be a single person, a group, a competitor, or a nation state. Other threats may be a hurricane or a weather event.

Vulnerability is the "how" part of this equation: a weakness (in physical, technical, organizational, and cultural aspects) that an adversary can exploit to cause harm or damage to a system.

Consequence is the "how much": the damage that occurs and what it will cost you. This cost could be money, injuries, intellectual property, customers, property, reputation, or loss of life.

Changes in your protection and risk reduce your overall vulnerability, the one element of risk you can easily control.

