SMB SRMF for identifying top 10 risks


Presented at BSidesRhodeIsland 2013 by

Small and medium businesses (SMBs) today face ever-increasing cyber security risks to their business. I will briefly discuss the 2012 and 2013 cyber risk statistics SMBs face, drawn from both the Verizon Data Breach Investigations Report (DBIR) and the Symantec Internet Security Threat Report (ISTR). I will then look at a generic approach to evaluating Security Risk Management Frameworks (SRMFs) for SMBs, and compare and contrast four major SRMFs. Next, I will briefly look at SRMF versus audit management. Finally, I will suggest a House of Quality (HoQ) approach that SMBs can use to determine the "top 10 security risks" to their business. The HoQ is used as an introduction to an SRMF that addresses the PII and PCI-DSS requirements for their business, but adds an employee engagement approach, an internal risk assessment, security awareness training, and the foundation for a security policy for their business. As the DBIR and ISTR conclude, SMBs will need help.