Being or having an unknown or unnamed source. An unrecognized and/or unclassified risk. Unidentified risks may fall into several categories: (1) The category of “unknown unknown” risk might include, for example, completely new cyberattacks that cannot be anticipated. Emerging risks that no one has ever seen before, such as viruses that are not based on existing known virus signatures may be launched, with the virus remaining unidentified until the attack has already hit an organization. (2) “Known unknown” (unidentified) risks would include the consequences of an action that may have future impacts that cannot be fully anticipated. An example of a “known unknown” risk could involve the absence of a risk assessment program or classification process, which could be expected to result in risks being unidentified, causing exposure to unidentified threats and treatments that result in business disruption.