You are all familiar with a typical presentation on risk management where we see the same old graph that depicts the risk as finite on one side and the costs of mitigation as infinite on the other side and attempts to show us a balance between the two where the costs are minimal. Well, the idea is correct but guess what? The graph is wrong. The graph is wrong and it gives you a wrong idea of cost distribution which in turn causes you to bias towards more risk. That graph actually makes you and your business less risk-averse. How?
A “traditional” risk cost versus mitigation cost trade off graph.
You see, the idea that the risk is finite while the risk mitigation cost is infinite is a myth.
Risk mitigation cost is only infinite when your resources are lower than those required for mitigation. So, yes, this is possible but unlikely. There are limits to our technology and there are limits to the investment effectiveness but there is a limit to the numbers of risks and mitigation techniques that a business can apply. So the risk mitigation costs may be very high and you may be unwilling to pay them but they are not infinite. You may have a cut-off line somewhere saying that here is how much we are willing or able to spend on mitigation but the line of risk mitigation costs should not be going up into infinity.
On the other hand, the cost of risk is easily infinite when it causes your business to go bust. Usually, this kind of situation is taken separately and considered an “existence threatening” risk that has to be handled separately for no apparent reason. Risk may be so high that you cannot afford it, so the cost of such a risk level is infinite and this has to be depicted in the diagram.
A more realistic trade off between risk and mitigation cost.
Given these observations, the graph looks more realistic and does highlight two important things. First, there is a level of risk you cannot afford, i.e. you must invest into mitigation at least what it takes to move out of the “infinite risk” level. Second, the graph causes one to take a more conservative, more risk-averse position automatically. For a business, this may be a good thing.