This episode builds on Episode 4 which presented the economic analysis of cybersecurity markets and the policy framework governing stakeholder actions. This episode considers the role of firms/organizations; it points to actions that government and businesses can take to ensure that their vital interests are secure from cyberattacks. It presents different types of risks that companies face and the tools to mitigate them, paying special attention to the interaction of business and technical needs. It also addresses the timing of investments in cybersecurity in an increasingly digitalized world.