The threat level is set by SophosLabs and is based on a combination of the prevalence of malware, spam and web threats and intelligence regarding new vulnerabilities.
1 LOW 
There is no vulnerability rated as medium risk or higher with no patch available and the global threat prevalence is lower than typical.
Even at this 'normal' threat level, there is a significant volume of active threats, and customers should ensure all machines are patched and adequately protected by up-to-date antivirus and firewall applications. A 'business as usual' scenario.
2 MEDIUM 
Increased alertness required; malicious attacks could well be imminent. Either a vulnerability was rated as medium risk with no patch available, or there was a significant increase in the global threat prevalence.
Customers should assess vulnerability information and identify and examine the relevant exposed systems.
3 HIGH 
Attacks are known to be occurring, and there is a strong likelihood of exposed systems being attacked and exploited. Either there is a known high-risk vulnerability with no patch available, or there was a significant increase in the global threat prevalence.
There may be some requirement for customers to deploy additional monitoring, or potentially reconfigure exposed systems temporarily.
4 CRITICAL 
Full alert. There is a known high-risk vulnerability with no patch available which is being actively targeted by malware. Global activity suggests exposed systems will almost certainly be attacked and exploited.
Customer actions? Deploy additional staff, put temporary emergency measures in place.