The choice a company makes for dealing with a specific risk.
The main Risk Strategies are:
Choosing to discontinue or not undertake an operation to avoid the risks involved. (e.g. closing or not opening a branch
in a dangerous location.)
Risk Mitigation or Risk Reduction.
Taking steps to reduce the probability or impact of a risk.
Shifting the risk to another organization by taking out insurance, or sub-contracting an activity to another organziation.
Risk Acceptance. Recognizing the risk but choosing not to take any
specific action to control or reduce it. Self-insurance, where a company chooses
to pay for losses itself rather than take out insurance, is a form of risk
Are you responsible for Business Continuity, Disaster Recovery, or Risk Management
in your organization? Then you may wish to receive a free subscription to the
the monthly Risky Thinking Newsletter. It contains news, opinions
and articles of interest to people working in these areas.
On a forum somewhere in cyberspace, a poster lamented attending a lecture on business continuity. Her impression was that it was just backup. It isn't, but why might she have been given the wrong impression?