Inadvertent threats, which arise from unintentional human error, negligence, or lack of awareness by authorized personnel, are frequently the most overlooked and difficult to evaluate. Security programs often prioritize defending against external, malicious actors (e.g., cyberattacks), underestimating the high frequency and potential impact of internal mistakes. Evaluating this threat is challenging because human behavior is unpredictable, and quantifying the probability of a specific error is nearly impossible with traditional risk assessment models. Unlike natural disasters or defined cyber threats, inadvertent actions lack clear patterns or measurable precursors.

B. Natural: Natural threats like floods or earthquakes are a fundamental part of business continuity and disaster recovery planning and are rarely overlooked in a comprehensive risk assessment.

C. Cyber: Cyber threats are among the most high-profile and heavily scrutinized risks today; they receive significant attention and resources, making them one of the least overlooked categories.

D. Indirect: Indirect threats, such as utility outages or supply chain disruptions, are a core component of operational risk management and are not typically overlooked in mature security programs.

1. ASIS International. (2021). Protection of Assets: Information Security. Alexandria

VA: ASIS International. In Chapter 2

"Information Security Risk Management

" the text emphasizes that human factors are a primary source of risk

stating

"People can be the weakest link in any security program... Threats from insiders can be intentional or unintentional" (p. 2-18). It highlights the difficulty in predicting and mitigating these unintentional actions compared to more structured external threats.

2. Fischer

R. J.

Halibozek

E.

& Walters

D. C. (2019). Introduction to Security (10th ed.). Butterworth-Heinemann. Chapter 11

"Information Security

" discusses the "human element" as a critical vulnerability. The text notes that "unintentional acts or human error... are a major source of computer security problems" and are often more common than malicious attacks

yet harder to predict and control (p. 288).

3. Pfleeger

C. P.

Pfleeger

S. L.

& Margulies

J. (2015). Security in Computing (5th ed.). Prentice Hall. Chapter 1

"Is There a Security Problem in Computing?"

identifies human errors as a significant and pervasive threat category

noting that "unintentional

non-malicious... human errors are a major source of security vulnerabilities" (p. 29). The text implicitly supports the difficulty in evaluating these unpredictable

non-malicious actions.