ABI Consulting, LLC

Risk Appetite Calculator

Answer 10 short questions. We’ll score your organization’s default posture as Low, Medium, or High risk appetite and give tailored recommendations.

Completion 0/10
1) Current business priority
Aggressive growth
Growth with managed risk
Balanced growth & compliance
Compliance milestones first
Preserve stability / reduce exposure
2) Tolerance for downtime / service degradation
Tolerant — speed over uptime
Some downtime acceptable
Limited downtime acceptable
Downtime discouraged
Downtime unacceptable
3) Regulatory exposure
High (HIPAA, SOX, defense, etc.)
Significant obligations
Moderate
Limited
Minimal
4) Data sensitivity
Highly sensitive (PHI/PCI/CUI)
Mostly confidential
Mixed
Mostly internal
Mostly public
5) Security budget flexibility
Highly flexible — can invest quickly
Some flexibility
Stable / planned cycles
Tight budget
Severe constraints
6) Culture of experimentation
Move fast, pilot often
Pilot with light guardrails
Pilot with defined approvals
Cautious pilots
Avoid pilots without full review
7) Third‑party reliance
Heavy reliance on critical vendors
Many vendors with key data
Moderate reliance
Limited reliance
Minimal reliance
8) Recent incident history (12 months)
Serious incident / regulator/customer impact
Multiple medium incidents
Some minor incidents
Few / well‑contained
None
9) Customer/SLA expectations
Very strict SLAs / audit clauses
Strict SLAs
Moderate SLAs
Light expectations
Minimal expectations
10) Change velocity (releases / major changes)
Very fast (daily/weekly)
Fast (bi‑weekly)
Moderate (monthly)
Slow (quarterly)
Very slow (rare changes)

Note: This tool is directional. Use results to start a stakeholder conversation and convert into explicit tolerances (AIC triad, privacy, legal, and continuity).