The set of shared values and beliefs that governs attitudes toward risk-taking, care and integrity, and determines how openly risk and losses are reported and discussed.

Risk culture is the set of shared values and beliefs about risk that shape how people within an organization approach risk-taking, care, and integrity, and it determines how openly risk and losses are reported and discussed. This concept explains why some organizations encourage speaking up about near-misses and adverse events and how decisions are influenced by a collective attitude toward risk. A strong risk culture promotes transparency, accountability, and learning from mistakes, with safe channels for reporting and escalation. In contrast, risk appetite describes how much risk the organization is willing to accept to achieve objectives, governance refers to the formal structures, policies, and oversight that direct risk management, and vulnerability refers to exposure or weaknesses in assets or controls.