The way enterprises categorize risk has important implications for how they assess, measure, and treat it. Antiquated categories of risk — such as legal, operational, financial, and strategic — may blind an organization to some of the biggest sources of potential loss because they don’t fall neatly into these groupings. Emerging technology exacerbates this issue as enterprises race to deploy it as quickly as possible, and there is little history from which to learn lessons. This report provides a comprehensive risk taxonomy to help security and risk managers make sure they don’t have any blind spots when categorizing risks, particularly the risks associated with emerging technology.