What risks should we worry about, and when is it okay to let things go? This is a question that those of us dealing with Information Security Risks ask ourselves all the time.

Slate deals with the issue of risk and when it’s worth insuring and which risks we should absorb. They use the example of rental car insurance:

The correct response is to insure yourself only against the big risks, such as your house burning down. As for the dent in the rental car, you will simply have to tell yourself that in the scheme of things, it’s not that important.

Insurance is the classic example of risk mitigation, but everything else we do should be measured against the same standard: Is this a small enough risk to swallow. Unfortunately, we’re not very good at this because:

we find it impossible to put our losses into context. I should recognize that the value of my home fluctuates every hour by more than the value of the cell phone I put through the washing machine-but it will be the loss of the phone that upsets me, and it is the risk of that upset that the phone insurers will try to emphasize.

If you can measure your risks, and put them in context you’ve gone a long way towards knowing what are the right things to focus on. The two best books I’ve read on on he subject are Beyond Fear and Freakanomics.

Risky Business: Should you ever buy rental car insurance? [Slate]