IT Security – Threat vs Risk vs Vulnurablity | Whats the difference?

In order to have a strong handle on data security issues that may potentially impact our business, it is must for us to understand the relationship and differences of three components – Threat, Vulnerability and Risk. Frequently these technical terms are used interchangeably, but although related, they are distinct terms with different meanings and implications. People usually get confused when to use and where to use them.

What’s the Difference Between an IT Security Vulnerability, Threat and Risk?


A threat refers to a new or newly discovered incident with the potential to do harm to a system, network, firewalls or your overall organization.

There are three main types of threats:

  1. Natural threats (e.g., floods or a tornado),
  2. Unintentional threats (such as an employee mistakenly accessing the wrong information)
  3. Intentional threats.

There are many examples of intentional threats including spyware, malware, adware companies or the actions of a disgruntled employee.

In addition, worms and viruses are also categorized as threats, because they could potentially cause harm to your organization through exposure to an automated attack, as opposed to one created by humans.


A vulnerability refers to a known weakness of an asset or devices that can be exploited by one or more attackers.

In other words, it is a known issue that allows an attack to be successful.

For example, when a team member resigns and you forget to disable their access to external accounts, change logins or remove their names from company credit cards, this leaves your business open to both intentional and unintentional threats.

However, most vulnerabilities are exploited by automated attackers and not a human typing on the other side of the network.


Risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risk include financial losses as a result of business disruption, loss of privacy, reputational damage and can even include loss of life as well.

Risk can also be defined as follows:

Risk = Threat X Vulnerability

Improve Security in over all network and system based.

All your website must be with SSL Certificate.


Leave a Reply

Your email address will not be published. Required fields are marked *