Interactive Article Presentation · UDC 330.131.7

Risk-Based Evaluation of Optimal Strategies in E-Commerce

A systematic algorithm that quantifies entrepreneurial risk in online trade — turning probability-statistical indicators into a defensible choice of strategy.

Mykola Mormul · ORCID 0000-0002-8036-3236 Dmytro Shchytov · ORCID 0000-0003-4306-8016 Olexandr Shchytov · ORCID 0000-0002-1435-2918
JEL: D81 · L86 · G32 DOI 10.32342/3041-2137-2026-2-65-13 CC BY 4.0
Abstract

Protecting online business before risk materializes

As digital technologies grow and electronic transactions multiply, shielding businesses and their customers from potential threats becomes increasingly urgent. The work analyses the main risks of e-commerce — cybercrime, technical issues, legal matters, financial threats, and reputational losses — and the methods that identify, assess, and mitigate them.

Purpose

Systematize the indicators

Quantify e-commerce business risk with probability-statistical methods, build interval estimates of each strategy's effectiveness, and determine the risk type of every strategy.

Relevance

A growing digital exposure

Rising transaction volumes make the protection of businesses and customers from potential threats more relevant than ever.

Scientific novelty

A risk-minimization algorithm

A systematic approach across four stages: risk identification, impact assessment, management-strategy development, and monitoring the effectiveness of the measures implemented.

Validation

Tested on real cases

Applied to real e-business cases, the algorithm reduced the likelihood of negative events and minimized potential losses, markedly improving risk management.

9
e-commerce risk types
19
variation indicators
5
risk-management approaches
6×5
strategy × audience matrix
5
risk zones
Risk taxonomy · Table 1

The nine risks of online trade

In e-commerce, sellers and consumers face many threats at once. Each risk is paired with the monitoring sources and mitigation measures the study identifies.

RISK 01

🛡️Data Protection & Cybersecurity

Malicious actors may attempt to access sensitive customer data such as financial information, personal details, and logins. Reliable protection systems and regular updates are crucial.
Mitigation

Reports from Symantec, McAfee, or organizations such as ENISA (European Union Agency for Cybersecurity) provide data on cybersecurity levels and protection methods.

RISK 02

⚠️Fraud

Online stores may become targets of fraudulent schemes such as fake transactions or the use of stolen credit cards. Systems to verify and authenticate transactions are important.
Mitigation

Organizations like Verizon or IBM provide reports and statistical data on fraud and cybercrime that should be carefully monitored.

RISK 03

🚚Logistics

E-commerce often relies on suppliers and logistics companies, which may lead to delivery delays or order-fulfillment errors.
Mitigation

The use of artificial intelligence can help streamline logistics processes.

RISK 04

🖥️Technical Issues

Websites may face technical failures or hosting problems that affect the availability and functionality of online stores.
Mitigation

Technical risks depend on the reliability of third-party services (hosting, payment systems). A recovery plan and business-continuity measures are necessary, aided by hosting-provider publications, incident analytics, and IT-community studies.

RISK 05

⚖️Regulations

Compliance with legislation and regulatory requirements across countries can be challenging. Violations may result in fines or legal issues.
Mitigation

Data-protection regulations (GDPR in the EU, CCPA in California) are governed by legislative acts. Constant changes in legislation may require frequent updates to policies and procedures.

RISK 06

💬Customer Conflicts

Product returns, misunderstandings in product descriptions, or poor product quality can lead to conflicts with customers and damage the company's reputation (reputational risk).
Mitigation

Monitoring and analysing reviews, and promptly responding to them on social-media platforms, is an important task for any e-commerce business.

RISK 07

🕸️Hacker Attacks

Break-ins, website attacks (DDoS), and other cybercrime can damage the business and its reputation. Major threats include phishing, viruses, malware, and infrastructure attacks — from small incidents to large-scale ones.
Mitigation

There are specialized protection programs against such attacks, which should not be skimped on.

RISK 08

📊Competition

The large number of online stores may complicate market entry and customer attraction. Small businesses may find it difficult to compete with larger players.
Mitigation

Each business has its own strategy for addressing this challenge.

RISK 09

💸Financial Risks

Entrepreneurs must choose products (assortment, volume), the target audience, the sales strategy, the market segment, and the website. Each decision point carries its own risk of "losing money".
Mitigation

Constantly monitor analytics from financial consultants, banks specializing in e-commerce, and agencies tracking financial losses from fraud. Security-technology costs may be significant but are not critical for protecting the business.

Classification

From risk-free to catastrophic

Risk in business operations is mapped onto distinct zones. Each is bounded by relationships between losses, profit, revenue, and the enterprise's own funds — and matched to a numeric coefficient-of-variation band.

I

Risk-Free Zone H = 0

No losses are expected during business operations.

II

Minimal & Low-Risk Zone H ∈ (0 ; 0.25]

Losses may occur but stay smaller than the expected profit (Ex < Pr).

III

Acceptable Risk Zone H ∈ (0.25 ; 0.5]

Possible losses do not exceed expected profit (Ex ≤ Pr). At worst the business loses all profit; under favorable conditions, losses are minimal.

IV

Critical Risk Zone H ∈ (0.5 ; 0.75]

Losses may exceed profit but not revenue (Ex > Pr, Ex ≤ Rv).

V

Catastrophic Risk Zone H ∈ (0.75 ; 1]

The most dangerous zone — losses may exceed revenue and reach the value of the business's assets (Ex > Rv, Ex ≤ Of).

Risk coefficient

where H — ratio of possible losses to the enterprise's own funds; Pr — profit; Rv — revenue; Ex — losses; Of — own funds of the trading enterprise.

H = ExOf

Coefficient-of-variation scale

The type of risk is also read directly from the value of the coefficient of variation:

[0 ; 0.1) — minimal risk (almost risk-free)
[0.1 ; 0.25) — low risk
[0.25 ; 0.5) — acceptable risk
[0.5 ; 0.75) — critical risk
[0.75 ; 1] — catastrophic risk

Coefficient of possible losses · Kvi

The ratio of the worst-case result to the expected effectiveness classifies the strategy's risk type.

Kvi = aiminMi
Kvi ≥ 0.9 — minimum
[0.75 ; 0.9) — small
[0 ; 0.75) — acceptable
[−0.3 ; 0) — critical (justified)
< −0.3 — catastrophic (unacceptable)
Risk management · Table 2

Five approaches to managing risk

These directions not only reduce the likelihood of negative consequences but enable more effective management of operations — lowering the risk level while increasing potential profit.

1

Risk Avoidance

Avoiding doubtful partners, suppliers, or risky projects and decisions.

2

Risk Compensation

Strategic planning, monitoring the socio-economic environment, forecasting economic situations, active marketing, and other measures that minimize negative consequences.

3

Risk Retention

The company does not compensate for losses but creates reserve funds (cash or physical), self-insurance funds, or attracts external funding through loans or grants.

4

Risk Transfer

Insurance, factoring agreements, guarantees, and hedging (e.g. exchange deals) that transfer part of the risk to other parties.

5

Risk Reduction

Diversification (spreading assets across areas), obtaining additional information for better forecasting, and limiting risks (e.g. setting loss limits).

Quantification · Table 3

Methods for quantifying the degree of risk

Eight practical methods are available for measuring risk in an enterprise, each with its own field of application.

1

Probability-statistical

Uses data on past results to assess the probability of future events — the degree of variability and the probability of losses or profits.

2

Expert assessments

Based on the opinions and experience of experts. Useful when accurate statistical data is absent or insufficient.

3

Analytical & calculation

Construction of various mathematical models for risk analysis and assessment.

4

Normative

Uses established standards or regulations to determine acceptable levels of risk.

5

Cost-benefit analysis

Assesses risk by the ratio of costs to possible benefits, helping determine the optimal level of risk.

6

Analog

Uses the experience of other enterprises or projects with similar conditions to assess risk.

7

Decision tree

Evaluates different decision options and their likely consequences to choose the least risky one.

8

Rating

Assesses risk using ratings determined from assessments of various risk factors.

Research methods

How the study was conducted

ComparativeComparing risk-minimization strategies across companies and authors.
GeneralizationIntegrating results into coherent, broadly applicable recommendations.
EmpiricalCollecting and analysing real-world e-commerce risk data.
Statistical analysisProcessing data to reveal trends, risk levels, and effectiveness.
ModelingBuilding risk models that predict outcomes of risky situations.
ForecastingPredicting future challenges from current trends and findings.
Quantitative core

The indicator system

Risk is assessed with probability-statistical variation indicators, divided into absolute and relative values, completed by an interval estimation of strategy effectiveness. The player holds m strategies Ai; "nature" takes one of n states Pj with probability qj.

j = 1, …, n ;   Σj=1n qj = 1

Absolute Variation indicators

1Mathematical expectation of effectiveness
Mi = Σj=1n aij · qj

The most likely value of profit or loss. The larger (smaller) it is, the better the i-th strategy.

2Dispersion (variance)
Di = Σj=1n (aij − Mi)² · qj

Weighted average of squared deviations from Mi. High variance signals high uncertainty and risk.

3Standard deviation
σi = √Di

Degree of dispersion of profit (or loss) around Mi. The smaller it is, the more reliable the strategy.

4Semivariation
SVi = Σj=1n αj · qj · (aij − Mi

With threshold αj, the additive SVi+ and negative SVi separate favorable from unfavorable deviations from Mi.

5Semiquadratic deviation
SSVi = √SVi ;  SSVi+ = √SVi+ ;  SSVi = √SVi

Positive and negative semi-quadratic deviations describe upside and downside spread of the strategy.

6Favorable / unfavorable deviations
VZi = Σj=1n αj · qj · (aij − Z)

Conditional expectations relative to a planned indicator Z (here Z = Mi), giving VZi+ and VZi.

7Average linear deviation
di = Σj=1n |aij − Mi| · qj

The smaller it is, the more reliable the corresponding strategy.

8Asymmetry (skewness) coefficient
Asi = 1σi3 Σj=1n (aij − Mi)³ · qj

|As|<0.1 almost symmetrical; 0.1–0.3 insignificant; 0.3–0.5 moderate; ≥0.5 significant asymmetry.

9Coefficient of excess (kurtosis)
Exi = 1σi4 Σj=1n (aij − Mi)⁴ · qj − 3

Ex ≥ 0 peaked, Ex < 0 flat-topped. Higher concentration near Mi means a more reliable strategy.

10Range of variation
Ri = maxj aij − minj aij

The larger it is, the greater the risk of the corresponding strategy.

Relative Variation indicators

11Quadratic coefficient of variation
Vσi = σiMi

The lower the value (profit matrix), the better the risk-to-effectiveness ratio.

12Risk coefficient
KRi = SSViSSVi+

How many times the possible decrease in profit can exceed the possible increase. Smaller = lower risk.

13Coefficient of semivariance
KSi = SSViMi  or  KSi = SSVi+Mi

Accounts only for negative deviations from the expected value. The smaller it is, the less risky the strategy.

14Linear coefficient of variation
Vdi = diMi

The lower the value (profit matrix), the better the risk-to-effectiveness ratio.

15Expected loss ratio
KZi = |VZi|VZi+ + |VZi|

Ratio of expected losses to expected profits plus losses, KZi ∈ [0;1]. KZi = 0 → no additional losses expected.

16Variation of asymmetry
VAsi = lAsiMi ,   lAsi = {1/(Asi + 1),   Asi > 01 − Asi,   Asi ≤ 0

The smaller it is, the less (or more) risky the strategy for the profit and loss matrices respectively.

17Variation of kurtosis
VExi = lExiMi ,   lExi = {1/(Exi + 1),   Exi > 01 − Exi,   Exi ≤ 0

The smaller it is, the less risky the strategy for the profit matrix.

18Oscillation coefficient
VRi = RiMi

The smaller it is, the less risky the corresponding strategy for the profit matrix.

19Coefficient of relative risk
ratio of the size of losses to a specific base depending on the type of risk

Tailored to the specifics and type of the assessed risk.

Interval Estimation of effectiveness

Marginal (boundary) error
Δi = tγ · σi√n  (n > 30),   Δi = tγ · si√n  (n ≤ 30)

The maximum possible deviation of a strategy's result from its average. Smaller Δi → safer, more reliable strategy.

Corrected standard deviation
si = σi · √n/(n − 1) ,   tγ = t(α = 1 − γ, ν = n − 1)

tγ from Student's distribution (two-sided region); γ — confidence, α — significance, ν — degrees of freedom.

Confidence limits
aimax = Mi + Δi ,   aimin = Mi − Δi

The interval within which actual profit (or loss) for the strategy can fluctuate.

Range of variation
Riv = aimax − aimin

Calculated from the marginal limits. The larger it is, the riskier the strategy.

Worked example · Table 4

Company "F." — choosing a niche market abroad

The "nature" Bj is the client base (audience); the strategies Ai are niche markets. The marketer's estimated profits (in thousand UAH) form the payoff matrix below. The bottom row holds the probability qj of each audience state.

Strategies · Ai (niche markets)

A1 Books A2 Furniture A3 Dietary supplements A4 Toys A5 Kitchenware A6 Sports equipment

States · Bj (client base)

B1 Women B2 Youth B3 Creative elite B4 Children B5 Businessmen
Ai \ Bj B1Women B2Youth B3Creative B4Children B5Business
A1 Books215195166126103
A2 Furniture17320318517484
A3 Dietary supplements224152134195126
A4 Toys198164143203105
A5 Kitchenware18222617714487
A6 Sports equipment235177143165114
qj probability0.140.280.150.180.25
Results · Tables 5–7

Reading the numbers

Absolute and relative indicators, interval estimates, and the risk type for every strategy — computed in MS Excel and visualized below. Hover any series for the exact figures.

Expected effectiveness Mi

Most likely profit per strategy (thousand UAH). By profit alone, kitchenware (A5) leads.

Risk by coefficient of variation

Quadratic Vσi vs linear Vdi, against the low / acceptable thresholds (0.25, 0.5).

Risk–return map

Expected profit (x) against quadratic coefficient of variation — risk (y). Lower and to the right is better. A3 sits lowest in risk among the high-profit cluster.

Interval estimates of effectiveness

Confidence range [aimin ; aimax] around Mi at t0.99 = 4.6041. A3 has the highest worst-case floor (amin = 80.81) and the tightest band.

Why A3 is steadier — profit profile across audiences

Kitchenware (A5) spikes on youth but collapses on businessmen; dietary supplements (A3) stay balanced across the client base — which is exactly what lowers its variance.

Discussion & recommendation

Three orderings, one decision

The strategies rank differently depending on the lens. Profit favors A5; riskology favors A3. Because all strategies fall within the allowable-risk band, the steadier choice wins.

Recommended strategy
A3 — Dietary supplements

Although A3 is slightly inferior to A6, A5, and A2 in expected profit, the trading company is advised to choose it from the standpoint of riskology: lowest quadratic coefficient of variation, highest worst-case floor, and the best coefficient of possible losses (Kvi = 0.5031).

A6Sports equipment
primary backup
A5Kitchenware
fallback

① By expected profit Mi

A5A6A2A3A1A4

② By riskiness (variation indicators)

A3A6A5A4A2A1

③ By interval estimate & Kvi

A3A4A6A1A2A5

Risk type — all strategies

Coefficient of possible losses → allowable CoV → A3·A4·A6 low, A1·A2·A5 acceptable
Conclusions

What the algorithm delivers

🧭 Comprehensive risk map

The main risk types — financial, technical, legal, and reputational — were identified and classified, with the tasks, methods, and characteristic risk zones of e-commerce set out.

📐 Systematized indicators

Absolute and relative variation indicators were systematized. No single indicator fully reflects riskiness — they are interrelated and must be applied together, weighing the significance of each.

🎯 Dual assessment

A quantitative assessment (system of indicators) plus a qualitative one (interval estimate and risk type), cross-checked through several methods for greater reliability.

⚙️ A tested algorithm

A staged risk-minimization algorithm — identify, assess impact, develop a strategy, monitor — validated on real e-business cases, reducing negative events and potential losses.

🤖 Future direction

Automated risk-monitoring systems and modern technologies such as artificial intelligence and big data are recommended to predict potential threats, adapted to each business model.

🧩 Further development

Refine the system of quantitative indicators and create software complexes for assessing, analysing, and managing risk — supporting better minimization decisions.

The point is not to avoid risk, but to foresee it and choose well.

By complementing qualitative analysis with precise calculation, the algorithm lets a trading company select the best strategy under risk and uncertainty — and thereby increase its competitiveness.

References

Sources

  1. Mormul, M. F., Shchytov, D. M., Shchytov, O. M., Romanchuk, L. A., Chupilko, T. A. (2023). Mathematical analysis of entrepreneurial risks. SWorldJournal, 18, part 1, 120–133. https://doi.org/10.30888/2663-5712.2023-18-01-020 (in Ukrainian)
  2. Shchytov, D. M., Mormul, M. F., Shchytov, O. M., Chupilko, T. A. (2023). Analysis of business risks using a statistical method. International scientific conference (USA) "Organization of scientific research in modern conditions '2023", 17-01, 32–37 (in Ukrainian)
  3. Laws, R. (2022). The Financial Risks of Ecommerce and How to Avoid Them. financialexecutives.org (Accessed 3 January 2025)
  4. Starovoitov, A. (2023). Managing Business Risks in E-commerce: Strategies for Success. linkedin.com (Accessed 3 January 2025)
  5. Chikwendu, N., Okolie, C. (2023). Managing and mitigating cybersecurity risks: Guidance for Small and Medium-sized Enterprises (SMEs). https://doi.org/10.13140/RG.2.2.18280.03842
  6. Brawn, K. (2024). Risk Management Strategies: A Must-know for Online Merchants. trustdecision.com (Accessed 3 January 2025)
  7. Davies, R., Clark, S. (2023). The Legal and Regulatory Challenges of Cross-Border E-Commerce. blog.linkysoft.com (Accessed 3 January 2025)
  8. Urrea, N., Vishkaei, B., De Giovanni, P. (2024). Operational Risk Management in E-Commerce: A Platform Perspective. IEEE Transactions on Engineering Management, vol. 71, 3807–3819.
  9. Tuomi, T. (2021). Risk Management in the Establishment of E-commerce Within Agricultural Spare Part Business. theseus.fi (Accessed 3 January 2025)
  10. Savchenko, S. The essence of risk as an economic category. spilnota.net.ua (Accessed 3 January 2025) (in Ukrainian)
  11. Chornii, V., Hrynchuk, D. (2021). Application of risk management in the competitiveness of the enterprise. Business, Innovation, Management: Problems and Prospects, II Int. Sci.-Pract. Conf., Kyiv, 22 April 2021. Kyiv: Igor Sikorsky KPI, 120–121 (in Ukrainian)
  12. Mormul, M. F., Shchytov, O. M., Shchytov, D. M., Bulanova, N. S. (2010). Quantitative analysis of business risks by statistical method. Economics: Problems of Theory and Practice, vol. 263, in 6 vols., vol. V. Dnipropetrovsk: DNU, 1254–1268 (in Ukrainian)