Every day, we all handle sensitive personal or professional information whose loss, theft or unavailability can have serious consequences, including elevated risk to ourselves, others, or the organization we represent. 

In that regard, cybersecurity risk is composed of three factors:

Vulnerability

A weakness or defect (human, technical...) that can be exploited by cybercriminals to gain unauthorized access to a computer system. 

Threat

An external or internal factor; someone or something that could exploit the vulnerability.

Impact

The consequences resulting from the threat, which can be tangible and quantifiable in material terms, or intangible (psychological consequences, damage to the reputation of a person or company, etc.)