Abstract: The Cybersecurity Law has been formally implemented as of June 1st, 2017, which provides a number of requirements on cyber operators' obligations to safeguard security. In-plant risk control becomes an important approach and effective way of implementing applicable provisions of the Cybersecurity Law. The "Wannacry" blackmail virus that broke out recently further exposes neglected and insufficient internal cybersecurity risk control among Chinese practices, which becomes a reality that must be faced squarely. This paper compared and analyzed codes for internal control, surveillance and administration of Chinese and American enterprises in terms of internal and external surveillance systems, accounting liability systems and degree of penalization in enterprises and points out the necessities to normalize duties of corporate supervisors and administrators and define liabilities of both subjects and objects of surveillance and administration in China; and to normalize and detail China's accounting liability system to make regulations more specific and operable; and to refine China's information disclosure system and provide more regulations on disclosure of major information and real-time of such disclosure to make them more delicate; and to enhance China's law enforcement efforts in terms of administrative direction and legal responsibilities.