I believe that this definition of risk should be refined. The key difference between risk and uncertainty is that risk can be quantified to some extent, based on data and known factors. In my corporate days I saw risk and uncertainty conflated all the time. I eventually asked a friend and colleague in R&D if their numerical risks assessments, such as 70% POS for some aspect of a project, were based on data or known factors or pulled out of thin air as a best guess. Pretty much pulled out of thin air, it turns out. I knew that instinctively, but it was still a bit of a shock to hear that honest admission. I’m also sure that others in the organization would have disputed that vigorously, because let’s face it, their jobs depended on others believing that ruse.

So why do we conflate risk and uncertainty? I think it’s very basic. We naturally fear uncertainty, and the higher you go up the org chart, the greater uncertainty is despised, because it poses a clear and present threat to people’s career trajectories. Whether it’s R&D, marketing, manufacturing, supply chain, or any other function, uncertainty is always lurking about. Calling it risk and putting it into a box that can be managed gives people a sense of confidence that they can take the appropriate measures to manage the risk. And don’t get me wrong, sometimes they do. But more often this approach fails to detect the real risks lurking in the cloud of uncertainty, leading to lost opportunities.