The IT Law Wiki
The IT Law Wiki

Definition[]

Aggregate risk is the

total or cumulative amount of exposure associated with a specified risk. Aggregate risk is comprised of two components: significance and likelihood, and does not include the effect of risk strategies, controls or other measures in place to designed to mitigate the effect or reduce exposure to the specified risk.[1]

References[]