The Threat Register

The threat register is the master document that tracks all identified threats, their probability and impact scores, their early warning indicator status, and their response readiness. It is organized into three sections: active threats (probability x impact score > 8, requiring active response planning), monitoring threats (score 3-7, tracked through indicators), and retired threats (threats that have either materialized and been responded to, or that have been assessed as no longer credible, documented for institutional learning).

1. Structure the Register Each entry contains: threat ID, threat name, category (displacement/substitution/platform/regulatory/convergence), description, probability score, impact score, priority score, early warning indicators with current status, response strategy, playbook reference, and last review date. The register should be a living document accessible to all stakeholders with update permissions restricted to the intelligence team.
2. Update Cadence Active threats: review monthly, update scores based on new indicator data. Monitoring threats: review quarterly, promote to active if scores increase. New threats: added as they are identified through ecosystem monitoring. Retired threats: moved when they materialize or when evidence no longer supports the threat thesis. Every update should include the rationale for score changes.
3. Communicate Changes When a threat's priority score changes by 3 or more points, notify the relevant stakeholders immediately. When a threat is promoted from monitoring to active, trigger the corresponding response planning process. When a threat is retired, document the reason and the lessons learned. The register is a communication tool as much as a tracking tool.