A cyber threat can be intentional or unintentional, targeted or non-targeted, and can come from a variety of sources, including: foreign nations engaged in espionage and information warfare; criminals; hackers; virus writers; and disgruntled employees and contractors working within an organization
Unintentional threats can be caused by inattentive or untrained employees, software upgrades, maintenance procedures and equipment failures that inadvertently disrupt computer systems or corrupt data
Intentional threats include both targeted and non-targeted attacks. A targeted attack is when a group or individual specifically attacks a critical infrastructure system. A non-targeted attack occurs when the intended target of the attack is uncertain, such as when a virus, worm, or malware is released on the Internet with no specific target.
Repeatedly identified as the most worrisome threat is the "insider" - someone who has authorized and legitimate access to a system or network.