Risk in Space Startups
It is hour four of a design review. After a tense discussion, a slightly defensive member of company leadership says, "It's never too late to do the right thing". The venerable reviewer across the table sighs at this and mutters, "Would that that were true..."
Why Space Startups Fail Quietly
What we do in the space industry is inherently risky. Most startups fail1. Most space startups fail years before they run out of money due to defects that are baked into the way that they operate, many before they launch a single vehicle. Though launch is by no means a guarantee of mission success2. Exposing the defects a program is carrying before they cause problems is a core feature of an effective risk management capability.
By necessity, we develop systems in a completely different environment from where they are deployed and operated. Risk management allows us to systematically and consistently deploy resources so that the only things left to chance are those truly outside our control. This article lays out a simple, immediately deployable risk management framework that doesn't require a giant binder or a full Class A NASA process.
We are so used to consumer electronics "just working" in our daily lives so it's easy to forget the amount of effort that goes into development and failure recovery. That engineering and failure recovery effort is amortized over 10,000-10,000,000 units3; costs that virtually no space program can distribute in the same way. In space, the lowest band of that production range is on the horizon, but I'd wager the median quantity produced across all unique space hardware configurations operating today is in the low single digits4.
The long development cycles on these systems5 and vast and varied engineering knowledge bases required to develop them make managing space-system development difficult. Engineers that are proficient in their respective disciplines are both useful in the development of these systems and at identifying the likelihood of specific problems arising in the context of that program. A lightweight risk process channels that intuition into a structure the whole program can act on.
Why Risk Management Fails in Most Programs
Risk management is baked into the canon of space mission development6, but is often applied poorly and as an afterthought. Many programs throw together some risks for a risk slide as a design review deliverable that won't get updated until a few days before the next design review. That makes it feel like busy work for whoever is putting it together because, for the person stuck with putting risks together only to check a box in the review, it is. Risk management done once per quarter is not risk management; it's theater.
Like other abstract and preventative engineering endeavors (systems, quality, etc.), risk management is nearly invisible when it's working well. But for it to work at all, it must be tailored to the mission, team, and company culture that's deploying it.
A well-run Risk Management effort eliminates fear, uncertainty, and doubt (FUD) by aligning the team to the risk approach that should have been explicitly set at the beginning of the program.
A Lightweight Framework for Busy Teams
NASA defines risk as “the potential for shortfalls with respect to achieving explicitly established and stated objectives.”7 Less generically, a risk is a future, uncertain event that could negatively impact the project if it comes to pass and is within your organization's ability to mitigate. Mitigation isn't prevention, but is some action undertaken to lessen the likelihood and/or impact of an identified risk. Likelihood is exactly what you'd expect, a percentage chance of the risk taking place. Impact is the quantifiable negative consequence that will be experienced.
Of all of the different types of risk, the two I'm going to focus on are Programmatic Risks and Technical Risks. Programmatic risks cover items that will prevent you from ever getting to launch. Technical risks are, once the spacecraft is launched, how will its performance (and thus capacity to provide a return on investment) be affected. The impact values associated with programmatic risks are schedule and cost. The impact values associated with technical risks are on the spacecraft's return. Degraded pointing knowledge of a vehicle will result in lower data throughput, which directly reduces mission return.
The typical "stoplight chart" heat map of risks that you see are populated by normalizing the likelihood and impact on scales of 1-5 (5 being most likely/mission ending). The values that correspond to each likelihood and impact need to be agreed upon at the start of your risk management effort. Strictly speaking, you don't need to use a 5x5 representation of your risks in order to manage them. The 5x5 grid is simply a common shorthand to avoid parsing dozens of long-form likelihood-impact descriptions.
Your typical 5×5 risk matrix in a slightly prettier format than the excel doc your current program is using.
Collecting risks from your team, assigning impact and likelihood values, and being able to look at them objectively is the first and hardest step. This is especially true if the program or company culture to date hasn't explicitly championed risk identification. From there, it's as simple as determining the threshold for unacceptable risks and triaging above that threshold.
Other useful risk metadata to capture:
Owner - Accountability is key. A person is more accountable than a role, use their name. They don't have to be an expert in the topic, but they're responsible for getting that risk the attention that it needs
Status - Have you done anything about this risk yet?
Realization Date/Milestone - Risks are negative occurrences, write down when they are likely to occur, this can help in triage. What's more detrimental to your program, a risk of score 8 happening next week or 20 in 18 months? That's for your team to decide, but if you capture that ahead of time you will have visibility into that
Category/Root Cause (optional) - Helpful for spotting systemic issues without FMEA overhead.
Tags/Other Metadata - Information on subsystem, activity, etc. that can help organize and segment your growing risk register
How to Start Tomorrow
Developing a culture of risk management can take time, especially for a new team. It takes trust, effort, and understanding. On the leadership side, it takes setting aside some time for your team to look at risks together (30 minutes, once a week).
Collect risks - provide your team with a definition for risks, ask them to quantify it with likelihood expressed as a percentage, and what the impact would be to the mission
Define thresholds - identify impacts that would be "program killers", set those as your 5s in your impact definitions and work your way down, for a $20M small satellite mission with a 3-year development schedule, your programmatic risk thresholds might be as shown below
Weekly review - spending time weekly on risk management builds up you and your team's risk management muscles and improves its effectiveness
Use a tool that visually communicates to all involved the health of your program from a risk management perspective. I've done this a million times in excel, Jira, and other tools, but I humbly submit my own Risk Matrix Dashboard, it's free and stores data locally in your browser
Cost and schedule thresholds to your 1-5 Impact ranges for programmatic risks.
Second Chances Are Rare
In space missions, second chances are rare. Don't willfully ignore that nagging feeling. Give yourself and your team somewhere to openly discuss mission/program killers in an explicit and constructive way. Identify which potential issues your team has the power to mitigate, and apply your finite resources to burning those risks down systematically. If your team openly surfaces and burns down risks every week, design reviews stop being surprises and start being confirmations.
Further reading:
NASA Risk Management Handbook (SP-20240014019)
Department of Defense Risk, Issue, and Opportunity (RIO) Management Guide for Defense Acquisition Programs
1 Various data sets show that most startups fail. Startup Genome’s analyses suggest that roughly 90% of startups ultimately fail, while U.S. Business Employment Dynamics data from the Bureau of Labor Statistics indicate that only about half of new business establishments are still operating after five years, with survival rates declining steadily thereafter. Failory, “Startup Failure Rate: How Many Startups Fail and Why in 2025,” 2025, https://www.failory.com/blog/startup-failure-rate; U.S. Bureau of Labor Statistics, “Entrepreneurship and the U.S. Economy” (Establishment survival), 2016/updated 2024, Entrepreneurship and the U.S. Economy : U.S. Bureau of Labor Statistics and “Establishment Age and Survival Data,” 2024, https://www.bls.gov/bdm/bdmage.htm
2 A NASA Ames analysis of small-satellite missions launched between 2000 and 2016 found that 41.3% of all small satellites experienced total or partial mission failure: 24.2% were total mission failures, 11% partial mission failures, and 6.1% were due to launch vehicle failures, underscoring that reaching orbit is not the same as achieving mission success. Jacklin, S.A., “Small-Satellite Mission Failure Rates,” NASA/TM–2018-220034, 2019, https://ntrs.nasa.gov/citations/20190002705
3 Consumer electronics markets routinely operate at production scales of hundreds of millions of units per year. For example, analyst Canalys estimates that approximately 1.14 billion smartphones shipped worldwide in 2023 alone, illustrating the kind of volume over which consumer-device development and failure-recovery costs can be amortized. Canalys, “Global smartphone market declines just 4% in 2023 as recovery begins,” 2024, https://www.canalys.com/insights/global-smartphone-market-declined-just-4-in-2023-amid-signs-of-stabilization-302049354.html
4 NASA’s small-spacecraft surveys and commercial analyses show that the smallsat ecosystem spans a very wide range of sizes, configurations, and one-off mission designs, alongside a smaller number of very large constellations (e.g., broadband communications). NASA’s Small Spacecraft Technology State-of-the-Art reports and BryceTech’s Smallsats by the Numbers series together indicate that while a few standardized buses are produced in the hundreds or thousands, many missions are unique or built in very small batches, implying that the median production quantity per distinct small-spacecraft design is likely in the low single digits. NASA, Small Spacecraft Technology State-of-the-Art (e.g., NASA/TP–2014–216648 Rev.1 and subsequent editions), 2014–2022, https://www.nasa.gov/smallsat-institute/sst-soa NASA+1; BryceTech, Smallsats by the Numbers 2023 and Smallsats by the Numbers 2025, 2023 & 2025, e.g. https://brycetech.com/reports/report-documents/Bryce_Smallsats_2023.pdf and https://brycetech.com/reports/report-documents/smallsats-2025/BryceTech_Smallsats-by-the-Numbers-2025.pdf
5 Large flagship space missions typically require many years from formulation to launch. A recent Government Accountability Office (GAO) review of NASA’s major projects reported an average development time of about 92 months (~7.5 years) from the start of formulation to launch readiness for the Artemis lunar program’s major projects. In contrast, small-satellite projects are often explicitly pursued because they can be developed on shorter timelines with lower budgets; community surveys and lifecycle studies of small satellites describe them as having “shorter development times” and reduced costs compared with traditional large spacecraft. U.S. Government Accountability Office, “NASA Lunar Programs: Opportunities Exist to Reduce Risks to Achieving Moon Landing Objectives,” GAO-23-105755, 2023, https://www.gao.gov/assets/d24106256.pdf; Shiotani, B., “A Study of the Small Satellite Community’s Life-Cycle Activities,” AIAA/USU Small Satellite Conference, 2018, https://jossonline.com/storage/2021/08/Final-Shiotani-A-Study-of-the-Small-Satellite-Communitys-Life-Cycle-Activities.pdf S3VI
6 NASA treats risk management as a core, continuous discipline within its Safety and Mission Assurance (SMA) framework. The NASA Risk Management Handbook describes risk management as an integrated, forward-looking process to identify, analyze, plan, track, control, and communicate risks throughout the project life cycle, and it is referenced as standard practice in NASA program and project management policy. NASA, NASA Risk Management Handbook, NASA/SP-2011-3422, 2011, https://ntrs.nasa.gov/citations/20120000033; see also NASA SMA, “Risk Management,” https://sma.nasa.gov/sma-disciplines/risk-management
7 NASA’s Agency-wide risk policy defines risk as “the potential for shortfalls with respect to achieving explicitly established and stated objectives,” encompassing the possibility that actual outcomes may deviate from what is planned or expected. This definition underpins risk management across NASA programs and projects. NASA, NPR 8000.4C – Agency Risk Management Procedural Requirements, 2011 (current as amended), https://nodis3.gsfc.nasa.gov/displayDir.cfm?Internal_ID=N_PR_8000_004C_&page_name=main NoDis3+1