Define a specific period of time over which that risk event could materialize (e.g., “A data breach will occur for application X in the next 12 months” or “A loss of availability for system X long enough to incur a productivity loss will occur in the next 5 years”).