Cyber risks represent a significant and growing global issue requiring a proactive and integrated management approach. This paper examines the challenges in the process of managing cyber risks, defines the roles and responsibilities of internal audit in this area, and explores its future directions. Traditional risk management approaches often fail to address the complexity and rapid evolution of cyber threats. Organizations must develop strategies that encompass identifying, analyzing, and treating cyber risks, leveraging both technical and non-technical measures to mitigate potential damages. Internal audit, as the third line of defense, provides independent assessments of the effectiveness of existing controls and suggests improvements to both the controls and the overall risk management process. However, internal audit faces challenges such as a lack of expertise in cybersecurity and the necessity of collaboration with IT professionals. Successful cyber risk management demands a holistic approach, integrating technical measures, robust non-technical controls, and continuous learning and skill development.