A metric used to assess and measure possible risks. It allows businesses to track their risk profile. For example, analyzing threats and vulnerabilities of the tools a company uses will allow it to assess how likely a cyberattack is. If two tools have minor vulnerabilities, the risk is low, but if four or five of them have major security flaws, the business may want to take some steps to prevent an attack.