This thesis explores IT risk management in a case company, focusing on identifying and assessing the most significant IT risks. The study aims to determine the biggest threat to the company and the reasons behind it, while also understanding the process of managing IT risks. A deductive research method was used, involving interviews and observations to collect data. The research found that inadequate anti-virus software protection is the biggest threat, as the manager ignored existing problems, which could lead to even greater risks in the future. Key terms include IT risks, risk management, and software protection. The study covers the background of risk management, research methodology, literature review, case study, data analysis, and conclusions. It discusses the importance of risk management in IT, the impact of IT risks on businesses, and the need for effective countermeasures. The case study highlights the identification and assessment of IT risks, including physical and non-physical threats, and proposes recommendations for risk reduction. The research emphasizes the importance of proactive risk management to prevent potential disasters and ensure business continuity. The findings suggest that inadequate anti-virus protection is the most critical risk, and the company should take steps to address this issue. The study concludes that effective risk management is essential for the company's survival and success.This thesis explores IT risk management in a case company, focusing on identifying and assessing the most significant IT risks. The study aims to determine the biggest threat to the company and the reasons behind it, while also understanding the process of managing IT risks. A deductive research method was used, involving interviews and observations to collect data. The research found that inadequate anti-virus software protection is the biggest threat, as the manager ignored existing problems, which could lead to even greater risks in the future. Key terms include IT risks, risk management, and software protection. The study covers the background of risk management, research methodology, literature review, case study, data analysis, and conclusions. It discusses the importance of risk management in IT, the impact of IT risks on businesses, and the need for effective countermeasures. The case study highlights the identification and assessment of IT risks, including physical and non-physical threats, and proposes recommendations for risk reduction. The research emphasizes the importance of proactive risk management to prevent potential disasters and ensure business continuity. The findings suggest that inadequate anti-virus protection is the most critical risk, and the company should take steps to address this issue. The study concludes that effective risk management is essential for the company's survival and success.