The article discusses the concept and classification of information risks, explains the possibilities of risk management in various organizations, and suggests the main measures of risk management in commercial organizations. Special attention is paid to the issues of information risk management in organizations.