Two reports published in the last two days are challenging conventional wisdom about how to calculate enterprise security risk –and recommending new evaluations that account for industry-specific threats and potential rewards. Verizon today issued a supplement to the data breach report it published earlier this year. The report, which compares risk factors in six different vertical industries based on actual forensic breach investigations in those industries, indicates that the likelihood of specific types of attacks varies radically from industry to industry. In a separate report, RSA’s Security for Business Innovation Council recommends a new process for calculating enterprise risk that more accurately weighs business rewards against potential security threats.