
What Is Risk?

How do we respond to risk? Do we have the data we need to make an informed decision?

Risk is a common topic when talking about cybersecurity and digital privacy.

At some level, we all understand the idea of risk, but what are we actually talking about?

Risk is a way of describing exposure to danger.

Two Parts

To properly describe a risk, you need two pieces of information:

  1. The potential impact of the event
  2. The likelihood of the event occurring

You need both to make an informed decision. Unfortunately, in the digital world we rarely have both pieces of the risk puzzle.

Impact

Let’s examine the risk of someone gaining access to our crypto wallet.

If a cybercriminal gains access to our wallet, they could take our cryptocurrency, transfer ownership of any NFTs, and impersonate us online if we’ve used that wallet as an identity.

This makes the impact directly related to what we’ve used that wallet for.

The value of cryptocurrency and NFTs is reasonably easy to evaluate. The impact of someone impersonating us is harder to qualify but is generally on the more serious side of things.

In the digital world, we usually have a good idea of the impact of an event.

Potential

Can we estimate the likelihood of this event occurring?

Assuming that you’re not broadcasting your wallet password, how likely is a cybercriminal or other malicious actor to try and access your wallet?

There’s no direct data to support any specific probability. That means we have to estimate…guess, basically.

You could take the more secure/paranoid route and assume it’ll happen. This means you’ll take steps to reduce the potential impact because you assume you’ll lose control of your wallet at some point.

You could take the exact opposite approach and assume it’ll never happen. This utopian view rarely ends well over time.

A third possible approach is to take reasonable steps that become more strict as the value of what your wallet can access increases over time.

This is a good approach but it’s not based on any real data.

Guessing Digital Risk

The lack of probability data means that digital risks are evaluated using “best guess” numbers. There are no alternatives at the moment as the community scrambles to gather more accurate probability data.

But it’s a long way from the data-driven approach we need…
