A potential source of harm that could exploit weaknesses or otherwise affect a system or organization.
A threat is anything that could cause harm to a system, organization, or set of data. In plain language, it is the possibility that a person, event, process failure, or technical condition could lead to a security problem.
Threats matter because cybersecurity is not only about fixing defects. Teams also need to understand what kinds of events or actors could use those weaknesses, what business processes could be disrupted, and what assets are attractive enough to target.
Threat language also helps teams prioritize. The fact that a weakness exists does not automatically explain why it matters now. A credible threat, such as active phishing against executives or ransomware against exposed services, adds urgency and context.
The term appears in threat modeling, security architecture reviews, risk assessments, SOC monitoring, and incident response. Security teams ask what threats are relevant to a new web application, which threats matter most to a privileged admin environment, and whether a new control meaningfully reduces those threats.
Threats can be human, technical, or environmental. A malicious actor is one type of threat, but so are outages, insider misuse, or a critical dependency failure that affects the availability of an essential service.
| Category | Example | Security implication |
|---|---|---|
| Human malicious | Phishing, fraud, insider abuse | Focus on prevention, detection, and access control |
| Human accidental | Misconfiguration, mistaken data exposure | Focus on process design and guardrails |
| Technical or dependency failure | Service outage, certificate expiry, provider issue | Focus on resilience and monitoring |
| Environmental or physical | Fire, flood, power loss | Focus on continuity and recovery planning |
A company runs a public customer portal that stores personal information. Relevant threats may include credential stuffing against user accounts, phishing against support staff, ransomware against connected systems, and outages that interrupt customer access.
A threat is not the same as a Vulnerability. A vulnerability is a weakness. A threat is the source of possible harm or the event that could make that weakness matter.
It is also different from an Exploit. An exploit is a method or code that takes advantage of a vulnerability. A threat is broader and may exist even before a specific exploit is publicly known.