Risk
Risk shapes nearly every decision a human being makes, yet the word itself was barely used in English before 1621. The Oxford English Dictionary traces the earliest appearance of "risque" - borrowed directly from French - to that year, with the modern spelling "risk" following in 1655. In the decades after, it spread through the worlds of trade, finance, and governance, filling a gap that older words like "hazard" could only partially cover. What began as a synonym for a source of harm slowly became something far more complex: a lens for understanding uncertainty itself.
The questions risk raises are deceptively simple. How do you measure something that might never happen? How do you compare a small chance of catastrophe against a large chance of minor loss? And why do two people standing before the same danger often see it so differently? The answers pull in economists, psychologists, philosophers, engineers, and public health officials - each with their own definition, their own tools, and their own stakes.
Thomas Blount's "Glossographia" of 1661 defined risk as a synonym for hazard - a potential source of harm. That framing held for centuries. The first and second editions of the Oxford English Dictionary, published in 1914 and 1989, each kept it as the primary definition. Risk meant something that could hurt you.
Samuel Johnson's "Dictionary of the English Language" in 1755 introduced a shift. Johnson's definition pointed toward the chance of harm rather than harm itself - not a thing, but a probability. That reorientation proved durable. Modern dictionaries followed: the Cambridge Advanced Learner's Dictionary defines risk simply as "the possibility of something bad happening."
The institutional definitions that arrived in the twentieth century stretched the concept further. The Association for Project Management, in 1997, defined risk as "uncertain events affecting objectives." The UK Cabinet Office, in 2002, went further still, deliberately broadening the term to cover "positive opportunity or negative threat of actions and events." That move was intentional: the Cabinet Office wanted to encourage innovation in public services, and a purely negative definition of risk discouraged the upside. The International Organization for Standardization, in its ISO 31073 standard, landed on "effect of uncertainty on objectives" - a definition stripped of any assumption that consequences must be bad.
The philosopher Frank Knight had already staked out the deepest distinction in his 1921 work "Risk, Uncertainty, and Profit." Knight argued that risk and uncertainty were categorically different things, not just degrees of the same thing. Risk, in his framing, was measurable - something you could attach a number to and calculate. Uncertainty was something else entirely: immeasurable, resistant to quantification, a fundamentally different animal. Knight's own words drew the line sharply: "a measurable uncertainty, or 'risk' proper, as we shall use the term, is so far different from an unmeasurable one that it is not in effect an uncertainty at all."
Kaplan and Garrick, writing in 1981, proposed that risk could be expressed as a set of triplets: a scenario, a probability for that scenario, and a consequence. Repeat that structure across every plausible scenario, and you have described a risk. Their formulation found its way into ISO Guide 73 and became a standard reference point for formal risk analysis.
When consequences can be expressed in consistent units, the math can go further. Risk becomes a probability density function - a curve that describes the full spread of possible outcomes and their likelihoods. The tail of that curve is where the most dangerous outcomes live. Engineers and safety analysts sometimes focus specifically on the tail by plotting a complementary cumulative distribution function, often on logarithmic scales. Frequency-number diagrams, for instance, show how often in any given year a given number of fatalities might be exceeded.
The most common shortcut is the expected value: probability multiplied by consequence, summed across all scenarios. It reduces a complex distribution to a single number. But that simplification carries a significant assumption. It presumes the decision-maker is risk-neutral - that a twenty percent chance of winning one million dollars feels exactly as desirable as receiving a certain two hundred thousand dollars. Most real decision-makers reject that equivalence. Pascal's mugging, a philosophical thought experiment, highlights the problem from the other direction: outcomes with vanishingly small probabilities but enormous consequences can produce absurdly large expected values, yet few would treat them as genuinely urgent.
Benoit Mandelbrot drew a further distinction that the expected-value framework tends to obscure. Mandelbrot separated what he called "mild" risk from "wild" risk. Mild risk follows normal or near-normal probability distributions and behaves predictably over time - it regresses toward the mean and obeys the law of large numbers. Wild risk follows fat-tailed distributions, such as Pareto or power-law distributions. In the wild case, the mean or variance may be effectively infinite, making the law of large numbers invalid. Mandelbrot argued that treating wild risk as if it were mild was a fundamental and recurring error in risk assessment.
Paul Slovic's "psychometric paradigm" treats risk perception as something that can be measured through surveys. Slovic argues that intuitive emotional reactions are the dominant way humans evaluate risk - not calculation. His research suggests that purely statistical presentations of disasters fail to convey their true weight and fail to motivate protective action. Retrospective studies and evolutionary psychology have supported that position.
The availability heuristic explains one of the most consistent distortions: people judge how likely an event is by how easily examples come to mind. Rare but dramatic causes of death get overestimated. Common, unglamorous causes get underestimated. The gap between the two is amplified by what researchers call an "availability cascade" - a self-reinforcing cycle in which media coverage of a minor event grows until the issue becomes politically significant, making examples even easier to recall and further inflating perceived risk.
Decision theory adds another layer. The right prefrontal cortex, neuroscience research suggests, tends toward global perspectives, while greater left prefrontal activity correlates with local or focal processing. Bounded rationality means that extreme events with very low probabilities are often discounted because the probability is simply too low to grasp intuitively. One of the leading causes of road deaths - drunk driving - illustrates the problem: individual drivers tend to frame the decision by largely setting aside the risk of a serious or fatal accident.
Cultural theory takes a collective view of risk perception. Different cultures select certain risks for attention while ignoring others, not because of miscalculation but as a way of maintaining their particular way of life. The theory uses two axes: the degree to which people are bound to social groups, and the degree of social regulation they accept. Cultural theory can explain why people with different worldviews struggle to agree on whether a hazard is acceptable, and why risk assessments persuade some audiences and not others. Evidence for the theory's predictive power, however, remains limited in quantitative terms.
Peter Bernstein, writing in 2012, traced how merchants and investors made risk estimates long before statistics and probability theory existed. Captains and traders met at coffeehouses to compare voyage stories, sharing information about hazards on unfamiliar routes and the patterns of different seasons. A web of correspondents carried letters across long distances, updating beliefs about weather, wars, and piracy. These qualitative networks let underwriters and investors judge how dangerous a proposed voyage felt - without a formula in sight.
That history led philosophers to ask a harder question: was this just primitive guesswork, or something legitimate in its own right? Ebert and colleagues, in a 2020 paper, drew a line between what they called risk monists and risk pluralists. Monists, among them Tversky and Kahneman, held that probability judgments which deviated from the mathematical rules of probability were simply wrong. Pluralists held that there were different valid notions of risk, and that pre-statistical methods of estimation might have been doing something genuinely reasonable - even if the answers sometimes conflicted with later statistical results.
Two philosophical accounts of risk have emerged from this debate. The modal account holds that a situation is risky when nearby possible worlds - scenarios that differ only slightly from the actual one - contain serious harm. On this view, a low-probability disaster can still count as high risk if only a small change in circumstances would have produced it. The normic account holds that a situation is risky when the bad outcome would be normal or unsurprising given how the current setup tends to unfold. The less departure from normality required for harm, the greater the risk. In domains where predictive power is weak - suicide risk is one example the literature offers - the normic account allows analysts to reason about risk without needing to specify a probability.
Anthony Giddens and Ulrich Beck drew a distinction that changed how sociologists thought about modern danger. Premodern societies faced risks - natural disasters, disease, famine - that were typically understood as external forces, acts of nature or of gods. Modern industrial societies, by contrast, generate risks that are products of the modernization process itself: pollution, chemical contamination, systemic financial failure. Giddens named these two categories external risks and manufactured risks. The term "risk society" was coined in the 1980s and gained wide currency through the 1990s, partly because it connected to growing environmental anxieties of that decade.
The concept carries a practical edge in human services. John O'Brien put it directly: "People's autonomy used to be compromised by institution walls, now it's too often our risk management practices." The concern is that risk aversion in health, social care, and disability services has become a barrier to independence rather than a protection. Michael Fischer and Ewan Ferlie, writing in 2013, found that when formal risk controls collide with the emotional and ideological dimensions of human services work, the result can be sustained and sometimes irresolvable conflict.
The international standard ISO 31000 sits at the center of formal organizational risk management today. It defines risk assessment in terms of three sequential steps: risk identification, risk analysis, and risk evaluation. The UK Health and Safety Executive developed the tolerability of risk framework, which divides risks into three bands. Unacceptable risks are permitted only in exceptional circumstances. Tolerable risks are kept as low as reasonably practicable - a principle abbreviated as ALARP - by weighing the costs and benefits of further reduction. Broadly acceptable risks require no further action. The ALARP principle, in particular, has spread well beyond its origins in British workplace safety into environmental regulation and critical infrastructure planning.
Up Next
Common questions
What is the origin of the word risk in English?
The Oxford English Dictionary traces the earliest English use of the word "risk" - spelled "risque" from its French original - to 1621, with the modern spelling appearing in 1655. It entered the language initially as a synonym for "hazard," meaning a potential source of harm.
What is the difference between risk and uncertainty according to Frank Knight?
Frank Knight, in his 1921 work "Risk, Uncertainty, and Profit," argued that risk is measurable - it can be attached to a number and calculated - while uncertainty is immeasurable and cannot be quantified. Knightian uncertainty is therefore categorically different from risk, not simply a more severe form of it.
How does ISO 31000 define risk assessment?
ISO 31000 defines risk assessment as the overall process of risk identification, risk analysis, and risk evaluation, taken in sequence. Risk identification finds and records risks; risk analysis determines their nature and level; risk evaluation compares estimated risk levels against criteria to guide decisions on treatment.
What is the difference between mild risk and wild risk in Benoit Mandelbrot's theory?
Mandelbrot defined mild risk as risk that follows normal or near-normal probability distributions, subject to regression to the mean and the law of large numbers, making it relatively predictable. Wild risk follows fat-tailed distributions such as Pareto or power-law distributions, where the mean or variance may be effectively infinite, making accurate prediction difficult or impossible.
What is Paul Slovic's psychometric paradigm of risk perception?
Paul Slovic's psychometric paradigm holds that risk is subjectively defined by individuals and can be measured through surveys. Slovic argues that intuitive emotional reactions are the dominant way humans evaluate risk, and that purely statistical approaches to disasters fail to motivate adequate protective responses.
What is the ALARP principle in risk management?
ALARP stands for "as low as reasonably practicable" and is a principle developed within the UK Health and Safety Executive's tolerability of risk framework. It applies to tolerable risks - those that fall between broadly acceptable and unacceptable - and requires organizations to weigh the costs and benefits of further risk reduction before deciding how much reduction is warranted.
All sources
86 references cited across the entry
- 1webRisk
- 2webGlossarySociety for Risk Analysis
- 3iso standardISO 31073:2022 — Risk management — Vocabulary
- 5journalDefining RiskB Fischhoff et al. — 1984
- 6iso standardISO 31073:2022 — Risk management — Vocabulary — risk
- 7iso standardISO/IEC Guide 73:2002 — Risk management — Vocabulary — Guidelines
- 10iso standardISO 31073:2022 — Risk management — Vocabulary — threat
- 11bookGlossographia, or, A dictionary interpreting all such hard words of whatsoever language now used in our refined English tongueThomas Blount — 1661
- 13bookProject Risk Analysis and Management GuideAssociation of Project Management — 1997
- 14bookRisk: Improving government's capability to handle risk and uncertaintyCabinet Office Strategy Unit — 2002
- 15bookA Practical Introduction to Security and Risk ManagementBruce Newsome — SAGE Publications — 2013
- 16journalThe Merging of Risk Analysis and Adventure EducationPreston B. Cline — 3 March 2015
- 17bookEconomic Theory of Risk and InsuranceAllan Willett — Columbia University Press — 1901
- 18bookRisk, Uncertainty and ProfitFrank Knight — Boston, New York, Houghton Mifflin Company — 1921
- 19journalThe History of Insurance: Risk, Uncertainty and EntrepreneurshipPietro Masci — Spring 2011
- 20journalMarket Risk, Interest Rate Risk, and Interdependencies in Insurer Stock Returns: A System-GARCH ModelJames M. Carson et al. — 2008
- 21webGlossary and acronymsLloyd's
- 22journalPortfolio SelectionH. Markovitz — March 1952
- 23bookThe Failure of Risk Management: Why It's Broken and How to Fix ItDouglas Hubbard — John Wiley & Sons — 4 Mar 2020
- 24journalContributions to the Theory of Statistical Estimation and Testing HypothesesA Wald — 1939
- 26bookAn Assessment of Accident Risks in U.S. Commercial Nuclear Power PlantsRasmussen — US Nuclear Regulatory Commission — 1975
- 27bookQuantitative Risk Assessment – The Scientific PlatformTerje Aven — Cambridge University Press — 2011
- 28journalOn the Quantitative Definition of RiskS. Kaplan et al. — 1981
- 30webThreat, vulnerability, risk – commonly mixed up termsThreat Analysis Group — 3 May 2010
- 31webAbout risk assessmentUS Environmental Protection Agency — 3 December 2013
- 32journalEnvironmental Risk Analysis: Problems and Perspectives in Different CountriesBhola Ram Gurjar — 2002
- 34bookA guide to the project management body of knowledge (PMBOK guide).Project Management Institute — 2013
- 36webIEC 31010:2019 Risk management — Risk assessment techniquesISO — July 2019
- 37bookA Guide to Quantitative Risk Assessment for Offshore InstallationsCentre of Marine and Petroleum Technology — 1999
- 38bookNomenclature for Hazard and Risk AssessmentDavid Jones — Institution of Chemical Engineers — 1992
- 39bookArbitrage theory in Continuous TimeTomas Björk — Oxford University Press — 2004
- 40bookThe (mis)Behaviour of Markets: A Fractal View of Risk, Ruin and RewardMandelbrot, Benoit and Richard L. Hudson — Profile Books — 2008
- 41bookRisk Assessment and Risk Management in Regulatory Decision-MakingPresidential/Congressional Commission on Risk Assessment and Risk Management — 1997
- 42bookAS/NZS 4360:1999 Risk ManagementStandards Australia & Standards New Zealand — 1999
- 43bookRisk: Improving government's capability to handle risk and uncertaintyCabinet Office — 2002
- 44webRisk managementCenter for Chemical Process Safety
- 45journalRisk Management Strategies in the Global Business Environment: Analysis of Complex Dependencies and Effectiveness of MeasuresMaryna Baldzhy — 2023-12-25
- 46bookFundamental TechniquesBruce Lyon — John Wiley & Sons — 2016
- 47bookHarmonised Risk Acceptance Criteria for Transport of Dangerous GoodsEuropean Commission — 2014
- 48bookThe Tolerability of Risk from Nuclear Power StationsHealth and Safety Executive — 1992
- 50webRisk Transformation: Understanding the Role of Data, Analytics and Technologydeloitteeditor — 11 April 2017
- 51webDefinition: Risk transfer UNDRR2009-01-23
- 52bookThe Psychology of RiskGlynis Breakwell — Cambridge University Press — 2014
- 53journalThe Evolution of Risk-TakingLee Dugatkin — 2013
- 54journalJudgment under Uncertainty: Heuristics and BiasesAmos Tversky et al. — 1974
- 55bookThe Perception of RiskPaul Slovic — Earthscan — 2000
- 56journalAvailability Cascades and Risk RegulationTimur Kuran et al. — 2007
- 57bookThinking, Fast and SlowDaniel Kahneman — Penguin Books — 2011
- 58journalRating the RisksPaul Slovic et al. — 1979
- 59journalPerception of riskP Slovic — 1987
- 60bookThe Feeling of RiskPaul Slovic — Routledge — 2010
- 61journalFears, phobias, and preparedness: Toward an evolved module of fear and fear learningA Öhman et al. — 2001
- 62journal9/11, Act II: A fine-grained analysis of regional variations in traffic fatalities in the aftermath of the terrorist attacksW. Gaissmaier et al. — 2012
- 63journalJudged frequency of lethal eventsS Lichtenstein et al. — 1978
- 64journalWhen dread risks are more dreadful than continuous risks: Comparing cumulative population losses over timeN. Bodemer et al. — 2013
- 65journalCo-residence patterns in hunter-gatherer societies show unique human social structureKR Hill et al. — 2011
- 66journalEvolutionary hypotheses of risk-sensitive choice: Age differences and perspective changeXT Wang — 1996
- 67bookRisk and Culture: An Essay on the Selection of Technological and Environmental DangersMary Douglas et al. — University of California Press — 1982
- 68webA short summary of grid-group cultural theory10 March 2010
- 69journalAsymmetries in visual-spatial processing following childhood strokeJ. Schatz et al. — 2004
- 70journalOn the role of response conflicts and stimulus position for hemispheric differences in global/local processing: An ERP studyG. Volberg et al. — 2004
- 71journalOn the other hand, am I rational? Hemisphere activation and the framing effectT. McElroy et al. — 2004
- 72journalRisk Assessment Under Perceptual Ambiguity and its impact on category learningMoran Cerf — October 4, 2022
- 73journalHow Believing in Ourselves Increases Risk Taking: Perceived Self-Efficacy and Opportunity RecognitionNorris Krueger, Jr. et al. — May 1994
- 74journalSelf-reported risk-taking and sensation-seeking behavior predict helmet wear amongst Canadian ski and snowboard instructors.Maxime Masson et al. — October 2019
- 75journalRisk Aversion and Expected-Utility Theory: A Calibration TheoremMatthew Rabin — 2000
- 76journalRisk aversion and incentive effectsC. A. Holt et al. — 2002
- 77journalAnomalies: Risk AversionMatthew Rabin et al. — 1 February 2001
- 78journalFast & slow decisions under risk: Intuition rather than deliberation drives advantageous choicesA. Voudouri et al. — 2024
- 79bookAgainst the Gods: The Remarkable Story of RiskPeter L. Bernstein — Wiley — 2012
- 80journalVarieties of RiskPhilip A. Ebert et al. — September 2020
- 81bookThinking, fast and slowDaniel Kahneman — Farrar, Straus and Giroux — 2013
- 82journalRiskDuncan Pritchard — July 2015
- 83journalBeyond prediction: a new paradigm for understanding suicide riskRené Baston — 2024-07-10
- 84journalA positive approach to risk requires person-centred thinkingM Neill — October 2009
- 85journalResisting hybridisation between modes of clinical risk management: Contradiction, contest, and the production of intractable conflictMichael Daniel Fischer — 1 January 2013
- 86bookRisk society: towards a new modernityUlrich Beck — Sage Publications — 1992