There are three types of risk.  High, medium and low.  These refer to the risk of damage or prejudice arising to an individual (or individuals) in the event of a data breach.