Risks and harms are not the same thing. Often we differentiate by categorising things that ‘might’ happen as risks and harms as things that have happened. This can be helpful, but isn’t always. Risks and harms are a real part of digital transformation. And both can be possible and both can actually happen.
Risks can be things like data breaches, leakages, misuse, unintentional deletion and so on. Ask any IT professional in an organisation and s/he will tell you these are very real things, most of which happen regularly.
Harms can be physical, emotional, spiritual, economic, denial of rights, and so on. So while risks tend to focus on unintended actions happening in systems or with data. Harms are about the impacts the risks have on people or groups.
Perhaps you define them differently, which is ok. Having a definition is the important bit. And assessing the risks and harms in your work is also important. And then mitigating both risks and harms is the essential work.