Overall quantitative business risk is best expressed as a product of which two factors?

The correct choice underscores a fundamental principle in risk management: overall quantitative business risk can be effectively assessed as a product of the likelihood of an event occurring and the magnitude of its impact when it does occur. This relationship captures both the probability that a risk will materialize and the potential consequences, thereby providing a comprehensive view of the risk's significance to the organization.

Quantitative business risk involves measuring both components. The likelihood factor assesses how probable it is that a certain risk will occur, which helps in prioritizing risks based on their expected frequency. Meanwhile, the magnitude of impact indicates the severity of consequences should the risk occur, enabling organizations to gauge the potential extent of damage or loss. By quantifying these two elements together, organizations can prioritize risks based on which could inflict the most significant harm.

In contrast to this correct answer, focusing solely on magnitude of impact or likelihood of exploitation does not encompass the complete risk picture, as they omit essential information regarding either the frequency or severity of risks. The judgment of the risk assessment team, while valuable, is subjective and varies widely based on individual perceptions, which does not provide a reliable quantitative basis for decision-making in risk management.