To assist in the automation of factory processes, the amount of valuable data flow in the industrial cyber-physical system (CPS), Internet of things (IoT) and cloud computing will also have to increase accordingly. Thus, developing a risk assessment system which is specialized for an industrial IoT system is necessary, especially for the cloud platform that the data mainly flow on. In this paper, we revise the AHP (Analytic Hierarchy Process) method and propose a 3-layer AHP-based risk assessment model (3aRAM) for an Industrial IoT cloud (PaaS platform) to allow the cloud system to self-benchmark its own security status. The model is composed of three phases: data collection, data analysis and risk assessment. To refrain from unnecessary experts involving into the risk assessment phase, a feedback mechanism is designed in the proposed model. We realize the risk assessment system and apply it to an industrial IoT cloud system. Finally, we estimate the practicality of our system by injecting different degrees of noises and launching DoS attacks, and show the change of integrity and availability scores, which are generated by the proposed risk assessment model.