If you have or need a cyber security program, the following steps can be used to develop or improve it.

• Establish a governance model. This can be a document or set of documents or a document management product. Start simple. Governance evolves with the program.

• Identify the information assets and the technologies that use and manage them.

• Consider threats and vulnerabilities. What could attack your business? What could disrupt or compromise your information assets? Where is your business vulnerable to an attack? Deploy cyber security awareness training,

• Consider the risks. What could happen to the information assets? What is the likelihood? What impact would losing them have on your business?

• Implement controls for each information asset risk. Consider how the assets can be protected and how they can be recovered if compromised.

• Plan response and recovery to handle incidents quickly and minimize damage.

• Monitor and measure threats, vulnerabilities, risks, and controls. Periodically assess the program, making adjustments as needed.

Lots of detail in that, but you can be flexible on the level.