Which term describes the risk that information may be divulged or made available to recipients without authorized access by the information owner?

Multiple Choice

Access risk is the risk that information may be divulged or made available to recipients whom the information owner has not authorized to access it. It centers on confidentiality: how well access controls prevent unauthorized viewing, copying, or sharing of data. This risk arises when authentication, authorization, or data-sharing processes are weak or misconfigured, allowing someone who isn't authorized to obtain information. Strengthening access control (through the principle of least privilege, proper role-based access, regular permission reviews, and monitoring) reduces this risk. For example, broad file permissions or inadequate authentication can let an unintended person see sensitive information.

Risk governance refers to the overarching process of managing risk across an organization; an asset is the information or resource being protected; a risk statement is a description of a risk. None of these describe the specific risk of information being disclosed to unauthorized recipients the way access risk does.
