In a computer network, risk is understood by the security network engineer as exposing the corporate network to an activity/event with undesirable consequences. The approach proposed in this research is to analyse the cyber risk and then manage it. This paper presents the challenges needed to be undertaken when analysing risk from an organisational point of view and as well as the steps needed to be scrutinised in terms of protection from the IT perspective. Depending on the risk scenario, we choose to manage risk in our favour, either minimising it, accepting it or avoiding it. Despite the risk-based scenario, protection must always be in place. It is recommended to increase data back-up strategies and use an external Managed Detection and Response provider to combat the increasing ransomware-as-a-service cyber-attacks affecting all scales of networks. The conclusion is the use of AI with human intervention to ensure accurate and timely hands-on cyber risk management.