A Threat is a person or natural event that can exploit a Vulnerability. In the area of information security a “Threat” is typically a person such as a disgruntled employee, hacker or criminal. In the area of business continuity planning a "Threat" includes natural events that disrupt an organization and deny the availability of data or systems.
Systems, applications and processes do not fail on their own. You need an agent - a person or natural event - to exploit a vulnerability in order for a loss to occur. For example, an unreinforced brick building is vulnerable to destruction in an earthquake. But if the threat of a significant earthquake is remote, the likelihood of loss is low.