
Cybersecurity risk is commonly expressed through impact and likelihood, yet likelihood remains difficult to estimate because cyber incidents are underreported, heterogeneous datasets are weakly comparable, and attacker behaviour changes faster than conventional probability baselines. This article proposes a method for operationalising likelihood through a cyber-exposure profile that integrates external cyber knowledge and organisation-specific telemetry into a graph-based representation. The contribution is a formally specified artefact chain — from unified data model through organization-specific profiling, metric registry, likelihood scoring, and control prioritization — that operationalises four constructs grounded in incident evidence: exposure, traceability, motivation, and Systems Update. The pipeline provides a pathway from heterogeneous source evidence to a bounded likelihood indicator comparable across organizations and observation periods. An evaluation in 15 real organizations shows that those implementing the cyber-exposure profile were associated with reduced incident frequency and faster detection-and-response times, providing preliminary empirical support for the framework’s directional claims.
FOS: Computer and information sciences, Cryptography and Security, Computer Science and Mathematics, Other, Cryptography and Security (cs.CR)
