Risk Scoring
Risk scores quantify each risk so your team can prioritize effectively. SecureHive calculates scores automatically based on likelihood and impact ratings, then maps them to risk levels through configurable thresholds.
How scoring works
Risk scores are calculated as Impact × Likelihood. Using a 1–5 scale for both dimensions produces scores from 1 to 25, which map to risk levels through configurable thresholds.
Each risk requires two ratings: an impact level (the potential severity if the risk materializes) and a likelihood level (the probability of it occurring). Both are numerical — typically 1–5 or 1–10 depending on your configuration. You can also provide rationale text explaining why you chose each rating.
Default score thresholds
Out of the box, SecureHive maps scores to four risk levels:
| Level | Score range | Description |
|---|---|---|
| Critical | 20–25 | Requires immediate attention |
| High | 15–19 | Requires prompt action |
| Medium | 5–14 | Should be addressed in due course |
| Low | 1–4 | Monitor and review periodically |
These thresholds are fully customizable — see Configuration for details.
Risk level labels
The default risk levels are Critical, High, Medium, Low, and Informational. You can rename these or add new levels to match your organization’s terminology. For example, you might use “Extreme” instead of “Critical” or add a “Negligible” level below “Low.”
To manage risk level labels, navigate to Risk Management → Risk Level Management and use the Risk Level Options tab.
Do not delete a risk level option that is currently assigned to existing risks. Remove all assignments first.
Customizing score thresholds
To change how scores map to risk levels, navigate to Risk Management → Risk Level Management, open the Score Thresholds tab, set the min and max score for each level, and save.
When configuring thresholds, make sure ranges do not overlap, ranges collectively cover the full scoring range (1 to your maximum possible score), and each risk level has a corresponding threshold range.
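The three checks above, together with the Impact × Likelihood lookup, as an added example. This is not SecureHive code: the dictionary layout and the function names `validate_thresholds` and `risk_level` are assumptions made for illustration, and the ranges are the defaults from the table above.

```python
# Added example: names and data layout are assumptions, not SecureHive's API.
DEFAULT_THRESHOLDS = {  # level -> (min score, max score), from the default table
    "Critical": (20, 25),
    "High": (15, 19),
    "Medium": (5, 14),
    "Low": (1, 4),
}

def validate_thresholds(thresholds, levels, max_scale=5):
    """Return a list of problems; an empty list means the configuration is sound."""
    problems = []
    max_score = max_scale * max_scale  # both ratings share the same scale
    for level in levels:
        if level not in thresholds:
            problems.append(f"level {level!r} has no threshold range")
    expected = 1  # lowest score not yet covered by any range
    for lo, hi, name in sorted((lo, hi, n) for n, (lo, hi) in thresholds.items()):
        if lo < 1 or lo > hi:
            problems.append(f"{name}: invalid range {lo}-{hi}")
            continue
        if lo < expected:
            problems.append(f"{name}: overlaps an earlier range at score {lo}")
        elif lo > expected:
            problems.append(f"scores {expected}-{lo - 1} map to no level")
        expected = max(expected, hi + 1)
    if expected <= max_score:
        problems.append(f"scores {expected}-{max_score} map to no level")
    elif expected > max_score + 1:
        problems.append(f"ranges extend past the maximum score {max_score}")
    return problems

def risk_level(impact, likelihood, thresholds, max_scale=5):
    """Score = impact x likelihood, then find the level whose range contains it."""
    for rating in (impact, likelihood):
        if not 1 <= rating <= max_scale:
            raise ValueError(f"rating {rating} is outside 1-{max_scale}")
    score = impact * likelihood
    for name, (lo, hi) in thresholds.items():
        if lo <= score <= hi:
            return score, name
    raise LookupError(f"score {score} maps to no level")

if __name__ == "__main__":
    print(validate_thresholds(DEFAULT_THRESHOLDS, list(DEFAULT_THRESHOLDS)))
    print(risk_level(4, 5, DEFAULT_THRESHOLDS))
```

Running the validator on a proposed configuration before saving it catches scores that would fall into a gap or match two levels at once.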
AI-assisted scoring
SecureHive’s AI can suggest risk scores based on the risk description, helping assessors make consistent scoring decisions. The AI analyzes the risk statement and recommends both impact and likelihood ratings with explanations. Assessors can accept, modify, or override the suggestions.
The AI can also identify duplicate or overlapping risks across the register and generate risk narrative summaries for board reporting.
Best practices
Use consistent scoring criteria across assessments — document what each rating level means for your organization. Update risk scores regularly as mitigation progresses or the threat landscape changes. Provide rationale for both impact and likelihood to create an audit trail of scoring decisions.