Cybersecurity has become a credible threat to process safety, and the exposure has never been higher with 70% of Industrial Automation and Control Systems (IACS) now using remote access. The consequences of cyber-attacks are well understood for business networks (e.g., data theft, ransomware, denial of service), but for IACS there is the potential for even more severe consequences, because IACS control physical systems. Case studies will be used to demonstrate how cyber-attacks on IACS can cause damage to equipment, the environment, and safety. This paper will look at how cybersecurity is changing process safety, considering the impact of cybersecurity events on traditional strategies for safeguarding and risk assessment, and introduce key steps for managing cybersecurity risk. These concepts are at the core of the ongoing CCPS project Managing Cybersecurity – A Risk-based Approach Building on the Process Safety Framework.