The amount and type of risk an organization is willing to accept in pursuit of its objectives.
Risk appetite expresses how much risk leadership is prepared to take. It guides where the line sits between risks that can be accepted and risks that must be treated, and it should be set by top management.
A clearly stated risk appetite keeps risk decisions consistent across teams. Risk tolerance is a related, narrower concept that sets the acceptable variation around a specific objective.