What is Risk Acceptance in Cybersecurity?
Accepting risk, risk tolerance, or accepted risk is the result after a cost/benefit analysis shows countermeasure costs would outweigh the possible cost of loss due to a risk.
Example: Management has agreed to accept the consequences and/or loss if that risk actually happens. For example, a patch for a vulnerability exists but every time the organization tries to patch the system, the system stops working. The system is mission critical so management decided to accept this risk and not patch the system.