The following formula is used to determine how the potential risk to each data type impacts the potential for an attack by a malicious actor:
Likelihood of data breach X Financial impact = Risk Level
For instance, a low-risk data asset like marketing content could be stored in a high-risk location like a file-sharing tool. If a malicious actor obtains this information, the financial impact on your firm is small and can be classified as low or moderate risk.
Meanwhile, storing a high-risk data asset such as a consumer medical file in a low-risk place, such as a private cloud, could have a significant financial impact. This would be classified as a significant or high risk to your company.