Threat or menace?

Sorry to be ranting again, but I am doing a survey that was sent via a certain large certifying organization.  One of the questions for "information security professionals" to answer was:


Thinking about your own organization, please rate the following potential security threats on the degree of concern you have for each.

• Trusted third parties                   
• Hacktivists                   
• Hackers                   
• Internal employees                   
• Contractors                   
• Mobile devices                   
• Cloud-based services                   
• Malware                   
• State sponsored acts                   
• Cyber terrorism                   
• Organized crime                   
• Application vulnerabilities    

Mobile devices are a threat?   Cloud-based services are a threat?    Really?  I think of those two things as technologies.  Neutral technologies.  Now these technologies may be full of vulnerabilities.  And there is a probability that these vulnerabilities may be exploited by threats... which will have impacts. 

Heck I'd even say malware isn't a threat.  Attackers using malware is.

And this from a survey targeting ccertified professionals who are supposedly tested in the basics of the risk equation.   But maybe different folks have a different way of thinking about threats?   Am I taking crazy pills?

So the question I put to all of you - What is a threat?