What defines a low likelihood in risk assessment?

Multiple Choice

What defines a low likelihood in risk assessment?

Explanation:
In risk assessment, how likely an event is to happen depends on whether a threat actor has the motive and the ability to exploit a vulnerability, and on whether safeguards are in place to block or significantly slow the exploitation. A low likelihood occurs when the threat source lacks motivation to act, or lacks the capability to exploit, or when existing controls prevent exploitation or make it much harder. When attackers aren’t interested or don’t have the means to carry out the attack, opportunities for success are rare, even if a vulnerability exists. Strong controls—such as proper authentication, patching, segmentation, and continuous monitoring—reduce the chance that an attack will succeed, thereby lowering the likelihood.

If an attacker is highly motivated and capable and no safeguards exist, the likelihood is high because the factors that drive exploitation are present. If a vulnerability is unknown, you don’t have enough information to conclude low likelihood—it creates uncertainty about risk rather than establishing a low probability. And if the impact is negligible regardless of the event, that affects the overall risk level, but it doesn’t define the probability by itself; likelihood remains a separate consideration linked to attacker behavior and controls.
