This section defines the concept of cyber-risks and sets out an approach to effective cyber-risk management. In particular, it explores the main cybersecurity challenges for SMEs and the impacts of cyber-risks, and recommends the use of a risk matrix to identify, assess and manage these risks.