Cybersecurity is essential for operations, especially in the pharmaceutical industry. In light of increased threats, existing security measures need to be reconsidered. Laws and guidelines such as B3S, NIS2 and KRITIS provide guidance for cybersecurity, but allow flexibility for practical implementation. The cyber security process begins with the identification of assets worthy of protection, followed by the implementation of physical, technical and organizational measures. It is important to detect attacks at an early stage using detection systems and security protocols. In an emergency, systems must be restored quickly, which is supported by trained personnel, functioning technologies and efficient processes. The focus is on preventive measures, while detection and recovery are often neglected. Our risk-based approach helps management and decision-makers to implement a holistic approach and not just meet minimum regulatory standards. It is a way to effectively manage cyber security by analyzing threats, assessing risks and taking countermeasures. The aim is to provide a clear, technology-independent strategy for effectively monitoring and managing cybersecurity to achieve regulatory compliance and optimal protection.