There is no such thing as information security risk, according to a panel of security professionals speaking at the Infosecurity Europe 2013 conference in London; the only risk that matters within any organisation is the risk to the bottom line.

http://www.cio.com/article/732299/There_is_No_Such_Thing_as_Information_Security_Risk