The proliferation of Internet of Things (IoT) devices across manufacturing, healthcare, energy, and mobility operations has expanded the digital surface that adversaries can target, creating an urgent need for business analytics frameworks that can quantify and mitigate cyber risk in distributed environments. This paper proposes a Business Data Analytics framework for Cyber Risk Detection (BDA-CRD) that combines decentralized model training, reinforcement-driven decision policies, and meta-learned client-specific adaptation to deliver real-time threat scoring without exposing raw operational data. The analytic engine integrates a hybrid neural learner that captures spatial, temporal, and long-range dependencies in network telemetry, and an asynchronous aggregation protocol with global momentum that accelerates convergence across heterogeneous fog nodes. Differential privacy noise injection preserves the confidentiality of business-sensitive logs while supporting auditability under regulatory frameworks. Empirical evaluation on six publicly available IoT cyber risk benchmarks - UNSW-NB15, Edge-IIoTset, WUSTL-EHMS-2020, CIC-IDS2018, the Car-Hacking corpus, and the Mississippi State Power System dataset - shows that BDA-CRD attains an average detection accuracy of 97.80%, recall of 97.40%, precision of 96.21%, F1-score of 96.79%, false-positive rate of 3.09%, false-negative rate of 2.60%, average decision latency of 227 ms, and a security level score of 88.7% under a five-client independent and identically distributed (IID) configuration. Compared with a centralized analytic baseline, the framework yields a 1.21-percentage-point accuracy improvement and a 25.6% reduction in latency. Scalability experiments between five and forty clients indicate that the framework retains 73.86% accuracy under IID and 70.48% under non-IID distributions at scale. Sensitivity analysis identifies privacy budget tuning and client-specific learning rate as the parameters most critical for managerial decision support. The findings translate into a practical investment-prioritisation matrix for cyber risk officers operating distributed IoT estates.