Why assets matter for risk management in companies
An asset is anything that has value to your business and therefore needs appropriate protection. Assets have value or critical importance because your operations depend on them.
- Assets can be sources of risk
What are the main asset types in small and mid-sized businesses?
- Financial assets
- People (employees)
- Services and utilities (vendors, outsourced services, electricity, internet, water, gas)
- Information assets and data (data, know-how, intellectual property, trade secrets, financial information)
- Technology assets — IT and systems (hardware, software, SaaS, cloud)
- Physical assets: Facilities and equipment (offices, buildings, machinery, tools)
Key asset attributes for risk:
- Criticality: How essential the asset is to your operations or business goals.
- Vulnerability: How susceptible the asset is to threats.
- Exposure: The degree to which the asset is at risk due to its environment or context.
- In risk management, a crucial first step is to inventory, categorize, and assess your assets. This helps plan risk mitigation measures and strengthen overall business resilience.
What problems and risks can affect your assets?
In day-to-day operations, the value of your assets is driven by their availability and quality. In practice, there are three common types of risks and issues that can impact your business:
- Unavailability or loss of an asset means the asset is missing or offline, so related processes can’t run
- Damage to an asset reduces its quality or performance, leading to errors, delays, or poor decisions
- Misuse of an asset means it’s accessed or used by an unauthorized party (e.g., a competitor or attacker)
How to assess the importance (criticality) of an asset for your company
Each asset has a different level of importance based on the potential impact its failure would have on daily operations. For small and mid-sized businesses in the U.S., asset criticality is commonly evaluated across four levels.
- Critical assets are those whose downtime causes an immediate and severe impact on the business, disrupting daily operations or creating major risk. For example, production may stop.
- High-priority assets have downtime that causes significant disruption and cost, but does not immediately threaten ongoing operations.
- Medium-priority assets have loss or downtime that results in limited, manageable impact and can be resolved without major disruption.
- Low-priority assets have loss or downtime that is inconvenient but does not affect core business operations.
Assets from a risk management, security and operational perspective
- since assets are important to the running the business, they must be adequately protected so that the organization does not lose them
- the unavailability or limitation of an asset may endanger or limit the running of business processes
- threats to the assets means that they are a source of risk
- the goal of risk management is to protect assets from them
- every asset has some weaknesses and vulnerabilities that increase the risks