Cybersecurity risk management in organizations can be assisted through automation. A proposed framework includes key capabilities that technical solutions can provide like identifying risks, assessing threats and vulnerabilities, and recommending mitigations. Widely available commercial products support each capability; for example, one tool allows monitoring networks for risks while another evaluates security controls. Together, automated tools can help organizations better manage cyber risks.