View Source

Potential damage

Low
Medium
High
Very high

Decisions:

Accept: acknowledge the risk, but do not take any action before it hits
Mitigate: take measures to reduce the probability of occurrence or the potential damage
Avoid: do something else without this risk, e.g. nothing
Transfer: let someone else take care of it, e.g. insurance
(Deny the risk: not allowed to choose, but many managers do this nevertheless...)

			Probability of occurrence	Potential damage	Decision
Financial	1	GAFAM	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	2	Competing technology	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny Accept Mitigate Avoid Transfer Deny
	3	Market Growth Challenges	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	4	Funding	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	5	Environmental cost	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
Legal	6	Governments Rules	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
Legal	7	International Compatibility (ex. GDPR)	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	8	No definition or legal commitment for punishment in regard of misusing	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
Strategic	7	Dependency
	8	Intermediaries
	9	Acceptance
	10	Engagement (Governance Rules)
	11	Usability
	12	Interoperability (Standards and Protocols)
	13	Integration
	14	Communication (Marketing)
Security	15	Physical vulnerabilities (Device lost)
Security	16	Protecting sensitive data

Consensus

many times in a year
once in 1 years
once in 2 years		e.g. Physical vulnerabilities (Device lost)
once in 5 years
once in 10 years
percentage of occurrence Probability / Potential damage	Low	Medium	High	Very High

No-consensus-pile

.....