Authors :
Idowu Scholastica Adegoke; Semiu Kolawole Babajide
Volume/Issue :
Volume 11 - 2026, Issue 1 - January
Google Scholar :
https://tinyurl.com/4rscvcet
Scribd :
https://tinyurl.com/5h534wmy
DOI :
https://doi.org/10.38124/ijisrt/26jan606
Abstract :
Cyber threats against financial institutions are growing rapidly and demand proactive
assessment measures that integrate technical (network) vulnerabilities with business impact metrics. This study developed a
comprehensive cyber-risk scoring and visualization framework capable of addressing the shortcomings of traditional risk
assessment approaches. The framework adopted a multi-layered architecture in which business Key Performance Indicators
(KPIs), such as transaction anomalies and operational costs, and network security metrics (intrusion detection alerts and
vulnerability scans) are merged. Gradient boosting, a machine learning model, was used to classify risks, while autoencoders
were employed to detect anomalies. These tools were trained on the CICIDS2017 dataset for improved predictive capabilities.
Using a dynamic risk-scoring algorithm, the study contextualized cyber threats in terms of financial implications, expressed as
Security Control Scores and Loss Exceedance Curves. The framework achieved a risk-prediction ROC-AUC of 0.89 when tested
in a simulated medium-sized bank environment with 500 assets. The interactive visualization platform converted risk data into
valuable insights for executives and other stakeholders. In sum, the framework bridges the gap between security measures and
business decision-making in financial institutions to optimize cybersecurity investments, enhance organizational resilience
against cyberthreats, and ensure effective compliance reporting.
Keywords :
Cyber-Risk Scoring, Financial Institutions, Banks, Integrated Business, Network Analytics, Cyberthreats.