What is Risk Avoidance? And what is the difference between Risk Avoidance and Risk Rejection?
Risk avoidance is the process of determining that the impact (consequence) and/or likelihood (probability) of a specific security risk is too great to be offset by the potential benefits, and then stopping a certain business function as a result of that senior management decision.
Risk avoidance is also the process of selecting alternate options or activities that carry less associated risk than the default, common, expedient or otherwise cheap option. It is a risk management approach by which organizations change their business practices to eliminate the possibility that a risk will materialize in the first place. It involves eliminating an identified risk by stopping or removing the activity or technology that causes it. Organizations use this risk management strategy when a particular risk exceeds their acceptable risk appetite or tolerance.
While risk avoidance is an accepted risk management strategy, risk rejection is an unacceptable risk treatment option in an organization, because denying that a risk exists and hoping that it will not be realized are not valid responses to organizational risks.