This short document summarises the work undertaken by IRM’s Risk in Information Systems and E-business (RISE) special interest group (SIG). It also incorporates ideas discussed at a series of round table events organised by IRM in partnership with BAE Systems Applied Intelligence. It is relevant for all professionals, particularly for those working at board level, and we finish by offering a set of questions that all boards should ask, and be able to answer, about their organisation’s management of cyber risks. There is also a longer companion document – Cyber Risk – Resources for Practitioners – which covers the detailed thinking behind the high level guidance and also offers practical tools and insight into the subject areas. This longer document is available for download to IRM members and the members of our supporting organisations from their respective websites.