Calculate it when you ‣.
aka Failure Exposure
= severity (financial effect) * probability * detectability
See also Failure Mode and Effects Analysis
https://medium.com/@adrianco/failure-modes-and-continuous-resilience-6553078caad5 In addition to the common financial calculation of risk as the product of probability and severity, engineering risk includes detectability. Failing silently represents a much bigger risk than the same failure that is clearly and promptly reported as an incident. Hence, one way to reduce risk is to make systems more observable.