Increased dependency on technology and data usage has simultaneously enhanced the risk exposures and vulnerabilities of organizations globally. This paper investigates this issue in India by analyzing the survey-based data we collect and provides a framework for qualitative assessment of cyber risks. The paper uses the Structural Equation Model (SEM) to validate the conceptual cyber-risk model that we have developed using the key-risk factors, such as the level of awareness, perceived risk likelihood, level of cyber-security, and cyber-risk exposures. The study results show that the risk vulnerability and the perceived risk likelihood have a positive impact on risk exposure, while risk awareness, cybersecurity, and control measures have a negative relationship. This study also identifies the causal factors among the exposures and the findings can help organizations prioritize their cybersecurity protection investments and caution insurers to take necessary mitigation measures for effective cyber-risk management and financing for their clients.