Which term denotes the magnitude of loss resulting from a threat exploiting a vulnerability?

Impact denotes the magnitude of loss that results when a threat exploits a vulnerability. It captures the consequences the organization faces, such as financial costs, operational downtime, data loss, regulatory penalties, and damage to reputation. This measure helps quantify how severe the outcome would be if the threat materializes. It’s distinct from likelihood (the probability the threat event occurs) and frequency (how often events occur over a period). In many risk models, risk is considered as the product of likelihood and impact, so identifying the potential magnitude of loss is essential for prioritizing controls and response. For example, a vulnerability that could lead to a multi-million-dollar data breach represents a high impact due to the substantial financial and reputational consequences.