In general, a hardware risk comes from a specific or outdated piece of hardware, while a software risk comes from a specific or outdated piece of software.
Hardware risks are more prone to physical damage or crashes; an old hard drive is a greater risk because of its age and the integrity of its parts. Some pieces of hardware are incompatible with security software, forcing the user to disable that protection to use it and making the computer vulnerable. One common piece of hardware that poses a risk to information security is the Key Logger, a small device that plugs into the keyboard cable between it and the computer; the logger records every keystroke made for later review. There are also hardware virus protection and firewall devices that route all Internet use through a filtering unit; this allows the unit to see and trap viruses before they ever touch the main computer or network.
Software risks are more prone to viruses and system errors; older software often has holes in their security that can be exploited by new viruses. Not all viruses are written to crash computers; many modern programs, called malware and spyware, are written specifically to run in the background and send information about computer use and browsing habits back to the creator. These pose a great risk to internal computer security. Additionally, some software is built to include malware in its installation; these programs are intended to be used for their actual purpose, allowing the malware to be installed without any outside assistance.
Companies face a variety of risks to their hardware and software systems. In software risk, programs, files, and the information can be theft or corrupt by hackers or viruses. So you need to some software security programs and other cyber-tools that protect your programs, files, and the information flow to and from a computer. While in hardware risk, machine and peripheral can be theft and can be damaged or affected from electronic incursion. So for the protection of the machine and peripherals you need to have hardware security.