Businesses today must successfully manage their cyber risk to thrive. Effective risk management requires cyberthreat information sharing. This paper outlines three key steps to manage the risk and close the attacker–defender gap: making information sharing a C-suite prerogative; managing compliance and regulatory concerns; and defining “sharing” on a practical level. Businesses that adopt this paper’s framework, productively sharing information at the organizational level and embracing a collective defence posture, will be well on their way to managing their cyber risk effectively. Indeed, by making information sharing a part of leadership priorities, by understanding and responding to compliance and regulatory concerns, and by more clearly defining what sharing means, achieving an information-led approach to cybersecurity becomes an achievable and necessary business advantage.