Intentional risk is present when someone, such as an employee, supplier, hacker, competitor or foreign government, stands to profit from gaining access to information or functionality.
Three independent risk vectors increase intentional risk:
Access—The easier it is for the attacker to access valuable information or functionality through any type of vulnerability, the higher the risk will be.
- Value—The higher the value of the information (because of the data’s intrinsic value or because of the aggregated value of many individual pieces of data), the higher the risk.
- Anonymity—Higher anonymity translates into reducing the risk of negative consequences for the attacker and, therefore, also increases intentional risk.