Definition & Explanation

Categories of risk

Categories of risk are the distinct types of risk an organisation must identify, assess, and manage as part of its risk management practice. Enterprise and cybersecurity governance frameworks typically group risks into categories such as operational risk, financial risk, compliance risk, strategic risk, reputational risk, and cyber risk. Categorising risks helps organisations prioritise mitigation, allocate resources, and maintain oversight across complex business environments.

In practice these categories overlap: a single event, such as a ransomware incident, can be a cyber risk in its cause, an operational risk in its effect on service delivery, a compliance risk where notification obligations apply, and a reputational risk in its aftermath. A useful taxonomy therefore assigns each risk a primary category for ownership and reporting while allowing cross-references to the other categories it touches, so that the register records the full exposure without double-counting it.

In Australia, regulatory frameworks such as APRA prudential standards and cybersecurity guidance from the Australian Cyber Security Centre emphasise structured risk identification and classification. By organising risks into categories, organisations can build clearer risk registers, improve board-level reporting, and ensure that key threats (cyber attacks, regulatory breaches, and supply chain vulnerabilities among them) are properly managed within enterprise risk management programs.

MyRISK supports the use of categories of risk by allowing organisations to define and apply structured taxonomies that improve consistency across assessment and reporting. Clear categorisation helps management see patterns, assign accountability, and compare exposure more effectively. It also enables richer dashboarding and cross-functional reporting.
