Risk that affects an entity’s vital interests or execution of chosen strategy, whether imposed by external threats or arising from flawed or poorly implemented strategy.
Sample Usage: An analysis of the organization’s strategic risk considered threats to carrying out its essential mission functions.
- Managing strategic risk is associated with the ability to recognize future trends, challenges, and threats and match these with appropriate operational concepts, capabilities, competencies, and capacity.
- Strategic risk can arise from three basic sources. First, strategic risk can arise from the actions of adversaries, from natural hazards or from non-adversarial human actions, such as accidents. These can be thought of as imposed risks. Second, strategic risk can be created by the unintended consequences of the strategies we adopt in response to imposed risks. These can be thought of as self-imposed risks. Finally, strategic risk can arise from obstacles to successful implementation of an adopted strategy. These obstacles can be either imposed (e.g., the actions of an adaptive adversary to counter a security measure or to exploit an unintended vulnerability created by a security measure) or self-imposed (e.g., failure to adequately resource, or to prematurely abandon, a strategy or course of action that would otherwise be beneficial.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance