Operators of industrial facilities, particularly those that operate critical, potentially dangerous processes or produce product for consumer consumption, are rightfully very concerned about the potential for cyber threats that can accidentally or intentionally manipulate their industrial control systems (ICS). Modern ICS are highly vulnerable to cyber threats due to their increased use of commercial IT technology and extensive network connectivity. At the same time, the prospect of cyber threats to an ICS is all too real. In the last few years, there have been numerous documented attempts to hack or inject a virus into an ICS in order to intentionally cause harm or destruction. This presentation explores the challenges that most industrial companies face in understanding the true risk of cyber threats to their industrial processes and introduces Cyber PHA as a solution. Based on Process Hazard Analysis (PHA), which has been used in the process industries for decades to assist in understanding and ranking operational risks so they can be properly mitigated, a Cyber PHA is an organized and systematic assessment of the potential cyber threats to an ICS. It aids in understanding the true risk by identifying and qualifying threats, vulnerabilities and consequences.