Industry 4.0 has brought huge benefits to a wide range of industries. Its development, however, has raised more cyber security risks in both Information Technology (IT) and Operational Technology (OT) systems. In this paper, potential cyber vulnerabilities and threats in manufacturing in Industry 4.0 are briefly reviewed based on the architecture and operating principle of the manufacturing system in Industry 4.0. Criteria for cyber risk assessment for both IT and OT are reviewed via different standards. We then provide recommendations for cyber risk assessment and discuss a new framework for IT/OT risk assessment in Vietnam.