Cyber risk has become increasingly important as the severity and frequency of cyber incidents are steadily on the rise. Cyber risk management is thus a necessity for businesses to ensure firms’ stability and operability, and is in part even required by law. Therefore, this paper focuses on the major components of an effective cyber risk management process. This is done based on a comprehensive review of the academic literature and relevant frameworks (ISO/IEC 27000 series) and by outlining the cyber risk management process step by step. In addition, we discuss existing challenges and problems of cyber risk management. The study emphasizes that comprehensive management of cyber risks needs well-designed internal risk management structures as well as adequate awareness of such threats.