A short article (column) entitled “How To Manage Cyber Risks – Lessons Learnt from Medical Science” will appear in the January 2023 issue of the IEEE Computer magazine. The article is co-authored by Andreas Grünert, and it continues lines of thought that have their roots in a 2015 article in the IEEE Security & Privacy magazine (entitled “Quantitative Risk Analysis in Information Security Management: A Modern Fairy Tale”) and a 2017 guest editor’s introduction for an IEEE Computer magazine special issue on risk management (entitled “New Frontiers: Assessing and Managing Security Risks” and co-authored by Günther Pernul and Sokratis Katsikas). The soon-to-be-published article explains why cyber risk management based on a threats-and-vulnerabilities analysis doesn’t work in the field, and how cyber risks can be managed instead. The suggested approach is conceptually related to medical science and to how a doctor typically manages the risks to his or her patients’ health. There are many things that can be learnt from this analogy.