These are terms most people are more familiar with, but they all mean the same thing- the security of your business was compromised (you've been hacked). Most people are familiar with the tell-tale pop-up ads that occur when your computer has been infected with spyware. Most malware today is not so obvious; it infects your computer and silently sends details back to its controller. Information such as bank accounts and intellectual property are the targets of today's cybercriminals.
Enthusiasts- Sometimes referred to as "script kiddies" in the industry. These are opportunist and unskilled attackers that look for any easy opening. Enthusiasts surf the Internet looking for easy to exploit vulnerabilities in software without any particular victim in mind.
Skilled Enthusiasts- This level of attackers are akin to Network Administrators. Skilled enthusiasts are attackers that have a good understanding of how networks and companies work. Attackers at this skill level use similar tools to the "script kiddies," but skilled enthusiasts understand when to use a particular attack tool and may have a specific target in mind.
Professional Cyber Criminals- These are the for-hire bad guys of the cyber world. They are not as obvious as the average attacker, and they're very good at getting what they are after. These attackers typically go after bank account numbers, intellectual property, social security numbers, credit cards, and patient information. Professional criminals use either modified, or off-the-shelf variety attack tools or, in some cases, custom written malware, making them much harder to detect.
Nation-States or Advanced Persistent Threats (APT)- Attackers are highly skilled and well funded at this level. It is thought that many of these attacks go unnoticed, so it's tough to get a good feeling for how common they are. Attacks at this level include the breaches at Google, RSA, Stuxnet, Flame malware, and other nation-state or well-funded attacks. The tools these attackers use are custom written to avoid detection.
Your company must be realistic about what sort of attackers it's likely to face. It's equally important that the current state of your company's security program is understood. Suppose your company has never had a risk assessment, start there. A risk assessment will help you quantify your biggest threats and prioritize your resources.