As the number of major cybersecurity incidents in 2021 continue to rise many organizations are looking at assessing their cybersecurity risks with an increased focus. There are several methodologies outlined for conducting cybersecurity risk assessments including the IEC 62443-3-2 standard (for more information on the IEC 62443-3-2 methodology for risk assessment see: https://gca.isa.org/blog/cybersecurity-risk-assessment-according-to-isa-iec-62443-3-2) and Consequence-driven Cyber-informed Engineering (CCE) outlined by the Idaho National Laboratory (https://inl.gov/cce/ ). While the IEC 62443-3-2 provides options for considering or not considering likelihood, CCE is a fully consequence driven approach. This raises the question of whether or not cybersecurity risk assessments should consider likelihood? In this webinar we will compare the two different approaches to cybersecurity risk assessment looking at the advantages and disadvantages of each approach to provide practical guidance on cyber risk assessment best practices.