The following matrix shows an example of how three different risks are plotted on a matrix to reflect those risks' uncertainty.
For example, Risk C was assessed as having a roughly 10% likelihood of eventuating. We might have created the probability distribution using historical data, expert judgement, or a Monte Carlo simulation.
The main point, however, is that the illustration shows that a risk with a 10% likelihood of eventuating is considered most likely to generate losses equivalent to 40% to 50% of organizational equity. But it also shows a slight chance that this risk might create a 95% loss event.
Using the x-axis to show potential consequences as a percentage of organizational equity is one way to express total loss percentages. Losing 100% (or more) of total equity would be an existential threat to the organization.
Risks that generate losses greater than 100% of equity have the same 'consequence' ranking as 100% risks. A 500% loss event is the same outcome as a 100% or 125% loss event.
You could equally label the x-axis with actual dollar amounts, or scale it against any outcome considered existential. The consequence criteria for catastrophic outcomes could involve multiple deaths, massive damage to reputation, etc.
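The Monte Carlo route mentioned above, sketched for a risk shaped like Risk C, as an added example rather than the author's own model. The three-point loss estimate (10%, 45% and 120% of equity), the triangular distribution and all function names are assumptions made for illustration.

```python
import random
from collections import Counter

EXISTENTIAL = 100.0  # % of equity; anything at or above this ranks the same

def cap_consequence(loss_pct):
    """A 500% loss is the same outcome as a 100% or 125% loss."""
    return min(loss_pct, EXISTENTIAL)

def band(loss_pct):
    """Map a capped loss to a 10-point column on the matrix x-axis."""
    if loss_pct >= EXISTENTIAL:
        return "100%"
    lo = int(loss_pct // 10) * 10
    return f"{lo}-{lo + 10}%"

def simulate_risk(n_trials, seed, likelihood=0.10, low=10.0, mode=45.0, high=120.0):
    """Each trial: does the risk eventuate, and if so how large is the loss?"""
    # low / mode / high are constructed three-point estimates (assumptions),
    # standing in for historical data or expert judgement.
    rng = random.Random(seed)
    losses = []
    for _ in range(n_trials):
        if rng.random() < likelihood:
            losses.append(cap_consequence(rng.triangular(low, high, mode)))
    return losses

def summarise(losses, n_trials):
    """Reduce the simulated losses to what gets plotted on the matrix."""
    counts = Counter(band(x) for x in losses)
    n = len(losses)
    return {
        "likelihood": n / n_trials,
        "modal_band": counts.most_common(1)[0][0],
        "share_95_plus": sum(x >= 95.0 for x in losses) / n,
        "band_shares": {b: c / n for b, c in counts.items()},
    }

if __name__ == "__main__":
    trials = 400_000
    s = summarise(simulate_risk(trials, seed=1), trials)
    print(f"likelihood of eventuating: {s['likelihood']:.1%}")
    print(f"most likely consequence band: {s['modal_band']}")
    print(f"share of events at 95%+ of equity: {s['share_95_plus']:.1%}")
    for b, share in sorted(s["band_shares"].items(), key=lambda kv: int(kv[0].split("-")[0].rstrip("%"))):
        print(f"{b:>8} {'#' * round(share * 100)}")
```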