The term Internet of Things (IoT) refers to a broad class of devices used by business entities as well as consumers to provide or consume a broad array of services. All these devices share their need to connect to the internet to deliver their native functionality. This connection requirement exposes the devices to the cybersecurity threats found on the internet. Existing literature on IoT cybersecurity solution models has shown that different technologies, such as communication technologies, mobile-app based authorization framework, graph-theoretic approach or blockchain technologies, have been majorly proposed to solve IoT security issues. However, these studies only focus on some specific IoT security issues like data theft or security issues on some specific layer across the whole IoT architecture. Therefore, there is a lack of systematic framework to solve IoT cybersecurity issues. This paper presents a framework for assessing such risks. In the qualitative analysis results, the device threats seem more severe than data confidentiality and privacy issues. This surprising finding highlights the significances of security taxonomy because both issues are based on different technical requirements. Our study has important managerial and practical implications for users, managers, and policymakers.