This document outlines three levels of cyber security threats - low, mid, and high level - and proposes strategies to address each. Low level threats are the most common and can exploit known vulnerabilities, requiring good security hygiene. Mid-level threats are less common but can create unknown vulnerabilities, necessitating investment in security packages and specialized teams. High level threats are rare but unstoppable, so the strategy is to deter them through time-consuming and expensive roadblocks that force threats to target weaker organizations instead.