The Threat, Vulnerability, and Risk these terms are interrelated but not the same.
Threat : A cyber threat is a malicious act that seeks to steal or damage data or discompose the digital network or system. Threats can also be defined as the possibility of a successful cyber attack to get access to the sensitive data of a system unethically. Examples of threats include computer viruses, Denial of Service (DoS) attacks, data breaches, and even sometimes dishonest employees.
Vulnerability : In cybersecurity, a vulnerability is a flaw in a system’s design, security procedures, internal controls, etc., that can be exploited by cybercriminals. In some very rare cases, cyber vulnerabilities are created as a result of cyberattacks, not because of network misconfigurations. Even it can be caused if any employee anyhow downloads a virus or a social engineering attack.
Risk : Cyber risk is a potential consequence of the loss or damage of assets or data caused by a cyber threat. Risk can never be completely removed, but it can be managed to a level that satisfies an organization’s tolerance for risk. So, our target is not to have a risk-free system, but to keep the risk as low as possible.
Cyber risks can be defined with this simple formula, Risk = Threat + Vulnerability