Risks have loss potential and delayed loss. Explain the difference.
Loss potential is what the company woud lose if a threat agent were actually able to exploit a vulnerability. The loss may be corrupted data, destruction of systems and/or the facility, unauthorized disclosure of confidential information, a reduction in employee productivity, and son on. Delayed loss may include productivity over a period, damage to the company's reputation, reduced income to the company, accrued late penalties, extra expense to get the environment back to proper working conditions, the delayed collection from customers, and so forth.