Tech-Risk Dual-Factor Model
- Tech-Risk Dual-Factor Model is a two-component framework that pairs technological potential with a risk variable to generate enhanced economic diagnostics.
- It spans diverse applications—from occupational automation and cyber asset pricing to dual-risk control and tail-risk monitoring—demonstrating its methodological versatility.
- A recurring bottleneck mechanism ensures that risk constraints temper technological assessments, thereby correcting over-optimistic evaluations and guiding practical decision-making.
Searching arXiv for the cited works to ground the article in the referenced papers. The term Tech-Risk Dual-Factor Model denotes a family of two-component analytical frameworks in which a technological variable is coupled to a risk variable to produce a higher-level diagnostic, pricing relation, control rule, or exposure index. In recent arXiv-linked usage, the label appears in at least four technically distinct settings: a market-plus-cyber asset-pricing specification for the cross-section of stock returns, a technical-feasibility-plus-business-risk model for occupational automation, a dual-risk surplus model with R&D and risky-asset controls, and a tail-risk-plus-slope indicator for Internet-finance risk fluctuation (Celeny et al., 2024, Gao et al., 6 Apr 2026, Fahim et al., 2015, Xu et al., 2020).
1. Terminology and scope
The expression does not denote a single canonical equation across the literature. Instead, it names a recurrent modeling pattern in which a first factor captures capability, technological intensity, or investment, while a second factor captures liability, market pricing, financial risk, or temporal risk drift. A plausible implication is that the phrase is best understood as a methodological umbrella rather than a standardized formalism.
| Variant | Paired factors | Primary output |
|---|---|---|
| Occupational automation | Technical Feasibility and Business Risk | , , |
| Cyber asset pricing | Market factor and cyber-risk factor | Cross-sectional return pricing |
| Dual-risk control | R&D spending and risky-asset allocation | Survival or ruin probability |
| Internet-finance fluctuation | Extreme-value VaR and its slope |
The models differ materially in ontology and econometric target. The occupational formulation is a cross-sectional diagnostic of labor-market vulnerability within 1–3 years. The cyber-finance formulation is a factor model for stock returns. The dual-risk control formulation is a stochastic-control problem over firm surplus. The Internet-finance formulation is a univariate tail-risk indicator. Their shared feature is not domain identity but a two-factor architecture in which technological exposure is filtered through a risk bottleneck.
2. Occupational substitution under technical feasibility and business risk
In "Bounded by Risk, Not Capability: Quantifying AI Occupational Substitution Rates via a Tech-Risk Dual-Factor Model" (Gao et al., 6 Apr 2026), the model begins by deconstructing 923 occupations into 2,087 Detailed Work Activities (DWAs). Each DWA receives two ordinal scores: for Tech Level and 0 for Risk Score. These scores are produced by a four-model LLM ensemble 1, with simple averages and nearest-integer rounding: 2
3
The scale semantics are explicit. 4 denotes that current AI cannot close the loop, including high-stakes physical and care tasks, whereas 5 denotes full native LLM replacement for text and data tasks. The risk score rates failure severity from 6 for a typo to 7 for fatality.
The DWA-level automation index is then imposed through a non-linear bottleneck mapping: 8 This specification embeds three substantive constraints stated in the paper: a veto at 9, a cap of 0 when legal liability is severe 1, and full automation only when 2.
Aggregation is Leontief-style at the task level and importance-weighted at the occupation level. For each O*NET task 3 decomposed into DWAs 4,
5
For an occupation 6 with task set 7 and normalized O*NET importance weights
8
the final Occupational Automation Index is
9
The paper interprets 0 as the relative vulnerability of occupation 1 to full automation within 1–3 years.
The empirical distribution is highly uneven. High exposure 2 covers 41 occupations, or 4.4% of the total; medium exposure 3 covers 408 occupations, or 44.2%; and low exposure 4 covers 474 occupations, or 51.4%. The exemplar occupations are sharply polarized: Data Scientist has 5, Editor has 6, Highway Maintenance has 7, and Home Health Aide has 8.
Validation is performed through variance-based Human-in-the-Loop sampling. For each DWA, the ensemble risk variance 9 is computed across the four LLMs, and a 100-DWA subsample is stratified into Consensus Zone 0, Slight Friction 1, and Severe Divergence 2. The expert panel has 3, split into a Technology Cohort 4 and a Risk Management Cohort 5, with “Epistemic Qualification” pre-training. Tech level alignment reaches Spearman 6 with 7. In the Severe Divergence stratum, human experts, especially risk managers, raise risk ratings by about 8 over the AI baseline; an Ordered Logit Model and Wilcoxon signed-rank test both confirm this inflation at 9. The paper designates this non-linear adjustment the Institutional Premium.
Substantively, the model challenges Routine-Biased Technological Change. It reports that non-routine cognitive roles highly dependent on symbolic manipulation face the highest exposure, while unstructured physical trades and high-stakes caretaking roles remain insulated by Moravec’s and Polanyi’s paradoxes plus strict liability. The paper names this pattern Cognitive Risk Asymmetry and hypothesizes an emergent Compliance Premium in which wage resilience correlates increasingly with risk-absorption capacity.
3. Cyber risk as a priced factor in equity markets
In "Cyber risk and the cross-section of stock returns" (Celeny et al., 2024), Celeny and Maréchal construct a cyber-risk factor from SEC 10-K disclosures and then combine it with the market factor in a dual-factor asset-pricing model. The paper states that its machine-learning approach outperforms dictionary methods, uses full disclosure and not devoted-only sections, and generates a cyber-risk measure uncorrelated with other firms’ characteristics.
The text pipeline is specific. Every 10-K filing is broken into natural paragraphs of approximately 40 words after lower-casing, stripping punctuation and numbers, and removing stop-words. The dedicated cyber corpus consists of the 785 MITRE ATT&CK sub-technique descriptions. A Paragraph-Vector (Doc2Vec) model, DBOW version, is trained on the union of approximately 1.7 million paragraphs from year-2007 10-Ks and the 785 MITRE paragraphs with vector dimension 0, window 1, negative samples 2, epochs 3, min-count 4, and subsample 5. At convergence, each paragraph 6 is represented by 7.
Paragraph cyber intensity is measured by cosine similarity to all MITRE sub-technique embeddings 8: 9 Negative similarities are discarded, and the paragraph cyber-score is
0
A typical 10-K has about 600–700 paragraphs, and the model assumes that only the top 1% most cyber-like paragraphs carry latent cyber-risk content. The firm-year cyber-risk score 1 is the average score over that highest 1% subset.
Factor formation is quarterly. Active firms are sorted into 2 equal-population quantiles, value-weighted within each quantile. Letting 3 and 4 denote the highest and lowest cyber-risk quintiles, the cyber-risk factor return is the long–short spread between those groups. The resulting cross-sectional model augments CAPM: 5 Here 6 is the market beta and 7 is the cyber-beta.
The reported pricing results are strong. A portfolio of U.S.-listed stocks in the high cyber-risk quantile generates an excess return of 18.72% p.a. The long–short cyber-risk factor has a significant positive premium of 6.93% p.a., with 8-statistic approximately 9, robust to CAPM, Fama–French 3, Carhart 4, and Fama–French 5 benchmarks. In Fama–MacBeth regressions, the estimated 0 is approximately 1 per month for a one-standard-deviation change in cyber-beta, or approximately 2.16% p.a., significant at the 5% level even alongside standard factors. Gibbons–Ross–Shanken tests reject mispricing for the 5-factor model but fail to reject joint zero alphas once the cyber factor is added, especially when sorting portfolios on size or book-to-market. In Bayesian model selection over all subsets of 2, the best five models all include the cyber factor, and its cumulative posterior inclusion probability exceeds 90%.
The factor is also nearly orthogonal to conventional style factors. The paper reports near-zero correlation with size, HML, MOM, CMA, and RMW, and only about 2% correlation with the market. Alternative definitions, including an expanding average of past cyber scores, exclusion of firms in pure-play cybersecurity ETFs, finer quantiles or different breakpoints, and restriction to Item 1A only, yield very similar premiums and significance. The embedding approach also gives every firm a nonzero score, avoiding the mass-at-zero problem of simple dictionary counts.
4. Dual-risk surplus control with R&D and risky-asset allocation
A different usage appears in "Optimal Investment in a Dual Risk Model" (Fahim et al., 2015), where the exposition adapts a dual-risk corporate-finance setting in which technological investment and financial investment are jointly controlled to minimize ruin probability. The surplus process 3 starts at 4, incurs deterministic running cost 5, and receives stochastic profits through a compound Poisson process. In the uncontrolled case,
6
The controls are 7, interpreted as R&D spending, and 8, the dollar amount invested in a risky Black–Scholes asset satisfying
9
R&D spending raises the profit-arrival intensity from 0 to
1
Under the controls 2, the surplus evolves as
3
where 4 is compound Poisson with intensity 5.
The objective is to minimize ruin probability, equivalently maximize survival probability 6, with ruin time 7. The HJB integro-differential equation is
8
with generator
9
The interior first-order conditions are
0
and
1
For exponential jumps 2 and 3, the model seeks an exponential form 4, yielding explicit controls: 5 The parameter 6 solves
7
Then
8
The comparative statics are stated directly. Higher R&D efficiency 9 increases 00, raises 01, and lowers ruin risk. Higher volatility 02 lowers 03, implying a shift away from risky financial investment and toward R&D. Higher drift 04 raises 05. Higher running cost 06 lowers 07, reduces survival, and may lower 08 if marginal R&D return falls. Higher baseline arrival rate 09 lowers ruin risk and may reduce the need to boost intensity through R&D. In this usage, the dual-factor structure is a co-optimization of an insurance-type technological control and a Merton-style portfolio decision.
5. Internet-finance tail risk as extreme value plus slope
In "Risk Fluctuation Characteristics of Internet Finance: Combining Industry Characteristics with Ecological Value" (Xu et al., 2020), the dual-factor construction combines an extreme-value tail-risk estimate with its time trend to form the Risk Fluctuation Range, or RFR. The daily log return of firm 10 at day 11 is
12
and the excess return is
13
with the risk-free rate approximately zero for the sample.
Tail estimation uses a Peaks-Over-Threshold generalized Pareto fit. For each monthly window, the threshold 14 is set at the 80% empirical quantile of 15, exceedances are defined as 16 for 17, and the generalized Pareto distribution
18
is fitted by maximum likelihood. At confidence level 19, for example 20, the monthly VaR is then computed from the POT estimator given in the paper. The second factor is the month-to-month slope of VaR: 21 RFR is defined identically: 22
The empirical sample covers fourteen representative technology firms from 2015 to 2019: Alibaba, JD, Facebook, Paypal, Ebay, Google, Apple, Twitter, Amazon, Baidu, Tencent, YRD, PPDF, and DNJR. The estimation procedure is monthly, based on daily prices, with an optional aggregate industry RFR formed by stacking or summing firm-level RFR series.
The main findings are that all 14 firms exhibit pronounced cyclical up–down movement in RFR, with peaks around episodes of marketwide stress such as early 2016 and late 2018. Pure-play Internet-finance names YRD, PPDF, and DNJR exhibit RFR swings roughly 2–3 times larger than incumbent technology firms. Threshold sensitivity checks at 75% and 85% quantiles change RFR amplitude by less than 10%, and results also hold at weekly frequency. Correlation-clustering tests indicate that U.S.-listed and China-listed firms retain some home-market commonality in VaR levels, but their RFR correlations are much weaker, which the paper interprets as evidence that RFR strips out pure level effects.
The paper states several assumptions and limitations: stationarity within each month, i.i.d. threshold exceedances following a GPD, sufficient intra-month data for stable 23 and 24, and a univariate design that ignores contagion except through aggregate stacking. It also notes that the method uses only closing-price returns, not intraday information, and that more sophisticated filtering could refine the slope factor. Within those limits, RFR is presented as a fast public-data indicator for detecting when a firm’s tail-risk regime is tilting upward.
6. Comparative interpretation, recurring mechanisms, and common misconceptions
Across these formulations, the first factor is never merely an unconditional technology score. In the occupational model, technical feasibility is explicitly bounded by business risk, legal liability, and physical safety. In the cyber-finance model, textual technological exposure is converted into a traded factor only through cross-sectional portfolio construction and pricing tests. In the dual-risk control model, technological expenditure affects the arrival intensity of profits but must be weighed against immediate cash outflow and risky-asset exposure. In the RFR model, extreme-value risk is not used as a level variable alone but is paired with its slope (Gao et al., 6 Apr 2026, Celeny et al., 2024, Fahim et al., 2015, Xu et al., 2020).
A recurring mechanism is the bottleneck. In occupational automation, a single fatal or high-liability action can collapse the automation score of an entire task through the 25 operator. In cyber asset pricing, the filing-level signal is distilled from only the top 1% most cyber-like paragraphs rather than from the full paragraph distribution. In the dual-risk surplus model, admissible controls are filtered through an HJB supremum and first-order conditions, so neither R&D nor financial allocation can be interpreted in isolation. In RFR, differencing suppresses absolute level effects to isolate fluctuation.
Another recurring theme is disagreement with simpler one-factor narratives. The occupational paper explicitly argues that isolated algorithmic probabilities fail to encapsulate the institutional premium imposed by experts bounded by professional liability. The cyber-finance paper reports that dictionary methods are outperformed by an embedding-based proximity measure trained on full disclosure. The RFR paper argues that pure VaR levels do not adequately capture cyclical fluctuation. A plausible implication is that the “risk” term in Tech-Risk models frequently serves as a correction to over-optimistic capability inference.
Two misconceptions are therefore common. First, the phrase does not denote a unique, field-invariant model; the same label is attached to distinct mathematical objects in labor economics, asset pricing, stochastic control, and tail-risk monitoring. Second, the “tech” factor is not equivalent to realized automation, priced return, or firm survival. Each framework introduces a second factor precisely because technical capacity alone is insufficient for the empirical target under study.
Taken together, these papers show that the Tech-Risk Dual-Factor label has been used to formalize a general proposition: technological potential becomes economically meaningful only after it is filtered through a second dimension of constraint, pricing, liability, or risk propagation.