In recent years, with the frequent occurrence of cyber security incidents, people have paid more attention to it. Information security risk assessment is a very important research topic. This paper gives a brief overview of the theory of cybersecurity risk assessment, focuses on the description of the current mainstream cybersecurity risk assessment methods, classifies and compares the existing methods according to the nature of the methods, and analyses the advantages, disadvantages, and application scope of each method. Finally, the main factors affecting the evaluation results are summarized and refined, and future research hotspots in this field are proposed. Through the empirical analysis of the three factors, the influence of the correlation of the three factors, the uncertainty of the evaluation indexes, and the timeliness of the evaluation on the evaluation results are concluded, which provides a reference for future research on evaluation methods.