02 Sep What is Risk Appetite?

The insurance industry uses the term “risk appetite” to describe the level of risk that an organization is willing to accept. An essential first step in managing corporate security, and resiliency, has to do with determining your firm’s risk appetite.

Risk appetite is defined as the amount of risk exposure that an organization is willing to accept as a normal course of business. Tolerance for risk exposure can vary greatly from one company to another, and among different industry segments. As a precursor to establishing an effective risk management program, it’s essential for a firm to determine its risk appetite. This can be done using a baseline analysis that accounts for a combination of threats, vulnerabilities, consequences, and readiness. It’s interesting to note that often a company’s appetite for risk doesn’t match its actual exposure. In other words, companies are often unaware that their risk exposure is significantly greater that their actual tolerance for that risk. Assessments, training, and exercises are all excellent ways to expose those gaps, and establish focus points for adjusting your firm’s security posture to align with its risk appetite.

Luke Ritter

Luke Ritter is a consultant to Markon. Previously, he was the executive vice president and principal, global trade security for Ridge Global LLC, a firm founded by Tom Ridge, the First U.S. Secretary of Homeland Security. He is a specialist in commercial and military transportation operations and logistics, and was formerly the founder and CEO of Trident Global Partners, a nationally recognized transportation security consulting firm. Mr. Ritter holds a B.S. degree from the U.S. Naval Academy as well as an M.B.A. in transportation and logistics. He is a part-time instructor at the U.S. Merchant Marine Academy’s Global Maritime and Transportation School, and serves as a contributing scholar at the Heritage Foundation.