Cyber risks are an important point on the business agenda in every company, but they are difficult to assess due to the absence of reliable data and profound analyses. To improve this situation, we identify cyber losses from an operational risk database and analyze these with methods from the field of actuarial science. Specifically, we apply operational risk models in order to yield consistent risk estimates, depending on country, industry, size, and other variables. Our results show that human behavior is the main source of cyber risk and that cyber risks are very different compared to other operational risk. The results of the paper are useful for practitioners, policymakers and regulators in order to provide a better understanding of this new and important type of risk.