The chance that a given risk scenario will actually occur, used together with impact to rate a risk.
Likelihood is the estimated probability that a threat will exploit a vulnerability and cause an incident. It can be expressed qualitatively, for example low, medium, or high, or quantitatively as a frequency or percentage.
Combined with impact, likelihood determines the overall level of a risk and therefore its priority for treatment.
KaitoSec