Learning outcomes The learning outcome of this paper is to identify and interpret the risks linked to cyber-security and their impact on the organization. Analyze business management regarding cyber-security and information technology (IT) risk management. Evaluate and propose decision-making strategies for IT projects. Case overview/synopsis Silver Bank is a financial entity with broad national coverage. Its growth was directly related to its investments in customer service. The entire organization is focused on satisfying its clients’ needs, improving their experience and making them loyal to the company. However, it did not pay enough attention to a threat that, with time, had become more pronounced: cyber-attacks. Its efforts to fight against this threat were only temporary solutions, as gaps in its IT system made it an easy target for criminals until the arrival of Iván Ramírez, who proposes a holistic solution to decrease the probability and severity of these attacks. However, past experiences, ignorance and budget constraints make it a difficult task to convince the bank’s board of directors to implement the proposed solution. Complexity academic level The case can be used as teaching material in upper-level undergraduate and graduate management courses: –undergraduate courses: information technology management, IT project analysis and management – MBA or graduate courses: information technology management, strategic management and security governance. Supplementary materials Teaching notes are available for educators only. Subject code CSS 11: Strategy.