A risk matrix (also known as a likelihood/impact matrix, probability/severity matrix, Probability-Consequence Diagram, Probability-Impact Diagram, or Heatmap) is a common tool in risk management. It helps visualise risks by plotting them based on two or more dimensions.
Cybersecurity risks have unique characteristics, necessitating the need for a unique risk matrix. The Cybersecurity Risk Matrix Generator lets you plot cybersecurity risk on three dimensions.
- Impact Severity X-Axes: How severe would the consequences be if a risk materialises? (e.g., negligible, minor, moderate, major, catastrophic).
- Exploitation Effort Y-Axes: How much effort or resources would it take for a threat actor to exploit a vulnerability? (e.g., very low, low, moderate, high, very high).
- Strength of Knowledge Bubble size: How strong is our knowledge of this risk?