“Cybersecurity” is really about protecting your computer infrastructure or your identity in the digital context, on the Internet or connected to a network. It's those security protections extended to the cyber domain.
A “vulnerability” is a problem within a piece of software code that could be exploited for unintended purposes by a particular adversary.
“Threats” can be considered across a spectrum of criminal organizations or nation-state adversaries.
We've also done work at Microsoft with the Citizen Lab at the Munk School at the University of Toronto to try to shine a light on what we call “private sector offensive actors” who are building spyware for sale to governments and other organizations.
Really, risk and risk management are what all organizations at the core are looking to focus their business efforts on. There's always a trade-off between risks and benefits, and there's only a limited amount of money and people—