What does the term 'opportunity cost' refer to in risk estimation?

The concept of 'opportunity cost' in risk estimation primarily pertains to the potential loss when a risk occurs. This means that when decisions are made regarding risk management, there are inherent costs associated with not addressing those risks adequately. If a risk materializes, the organization faces a loss that could have been mitigated or avoided had different decisions been made regarding the management of that risk.

For example, if an organization chooses not to implement a cybersecurity measure, the opportunity cost would be the loss incurred from a data breach, such as financial loss, reputational damage, and regulatory fines. The focus on potential losses emphasizes the importance of considering not just the immediate costs of action but also the broader implications of failing to act on identified risks. This aligns directly with the notion of opportunity cost, which assesses what is sacrificed in terms of benefits when a certain course of action (or inaction) is chosen.