Cyber threats pose risks to all businesses and can result in data theft, ransom demands, data distortion, and data destruction. There are three main reasons why businesses are targeted: financial gain, valuable data, and causing maximum social damage. Potential consequences of a cyber event include production/service disruption, ransom costs, business losses, recovery costs, reputational damage, loss of customers, litigation, and fines. To manage cyber risks, businesses must understand where risks lie within their operations, focus on four key areas of data, identity, gateways, and external access/mobility, and implement a three-step risk management approach focused on backups, updates/security, and employee education.