Industrial control systems are cyber-physical systems that are used to operate critical infrastructures such as smart grids, traffic systems, industrial facilities, and water distribution networks. The digitalization of these systems increases their efficiency and decreases their cost of operation, but also makes them more vulnerable to cyber-attacks. In order to protect industrial control systems from cyber-attacks, the installation of multiple layers of security measures is necessary. In this paper, we study how to allocate a large number of security measures under a limited budget, such as to minimize the total risk of cyber-attacks. The security measure allocation problem formulated in this way is a combinatorial optimization problem subject to a knapsack (budget) constraint. The formulated problem is NP-hard, therefore we propose a method to exploit submodularity of the objective function so that polynomial time algorithms can be applied to obtain solutions with guaranteed approximation bounds. The problem formulation requires a preprocessing step in which attack scenarios are selected, and impacts and likelihoods of these scenarios are estimated. We discuss how the proposed method can be applied in practice.