Scoring and Prioritizing Risks

Once risks are identified, you need to score them to prioritize mitigation efforts. The most common approach is the Risk Matrix: multiply impact by likelihood to get a risk score.

Risk Formula

Risk Score = Impact × Likelihood

Impact (1-5) × Likelihood (1-5) = Score (1-25)

Interactive: Risk Score Calculator

Select a risk and adjust impact and likelihood to calculate its score:

Select Risk to Evaluate

Customer Data Leakage

Agent exposes customer PII in logs or responses

Impact (Severity of Consequences)

1 (Minimal)35 (Catastrophic)

Likelihood (Probability of Occurrence)

1 (Rare)25 (Certain)

Your Assessment

LOW

3 × 2

Suggested Baseline

HIGH

5 × 3

⚠️ Your score differs significantly from the baseline. Consider if your assessment accounts for all factors.

Risk Matrix Reference

Score Range	Risk Level	Action Required
20-25	CRITICAL	Immediate action, escalate to leadership
15-19	HIGH	Address within 1 week, prioritize resources
10-14	MEDIUM	Plan mitigation, monitor closely
5-9	LOW	Track and review periodically
1-4	MINIMAL	Accept risk, log for awareness

💡

Scoring is Subjective

Risk scoring involves judgment. Different teams might score the same risk differently based on their context, risk appetite, and experience. Use scoring to facilitate discussion and prioritization, not as an absolute truth. Review and adjust scores as you learn more.

Risk Assessment

Your Progress

Scoring and Prioritizing Risks

Risk Formula

Interactive: Risk Score Calculator

Select Risk to Evaluate

Customer Data Leakage

Unauthorized Deletion

API Rate Limit Exceeded

Prompt Injection Attack

Customer Data Leakage

Risk Matrix Reference