About the journal

• Home page
• Contact information
• Aims and scope
• Indexing information
• Editorial policies
• ComSIS consortium
• Journal boards
• Managing board

For authors

• Information for contributors
• Article submission
• Accepted papers
• Copyright transfer form
• Download section

For readers

• Forthcoming articles
• Current issue
• Archive

For reviewers

• Review submissions
• Review submissions OJS

News

• Journal's Facebook page
• Special issue proposal
• Calls for special issues

DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence

Javier Garcı́a-Ochoa¹, Jaime Rueda¹, Rubén R. Fernández¹, Alberto Fernández-Isabel¹, Isaac Martı́n de Diego¹, Emilio L. Cano¹, Romy R. Ravines², Ovidio López Espinosa² and Jaume Puigbó Sanvisens²

1. Rey Juan Carlos University, Department of Computing Science & Statistics, ETSII
   C/ Tulipán, s/n, 28933, Móstoles, Madrid (Spain)
   {javier.garciaochoa, jaime.rueda, ruben.rodriguez, alberto.fernandez.isabel, isaac.martin, emilio.lopez}@urjc.es
2. DeNexus Inc.
   Boston, United States
   {rr, ol, jp}@denexus.io

Abstract

The accelerated pace of digital transformation has significantly reshaped the cybersecurity domain, fostering an interconnected ecosystem in which cyber threats have expanded in both their complexity and scope. Traditional cybersecurity methods are increasingly inadequate for addressing the rapidly evolving threat landscape, emphasizing the critical need for intelligent, adaptive, and proactive defensive strategies. This study introduces Dynamic Industrial Cyber Risk Modelling Based on Evidence (DICYME), a comprehensive system that integrates diverse analytical techniques to identify patterns and characteristics that reveal emerging threat trends, enabling organizations to proactively defend against potential future attacks. Beyond threat detection, DICYME operates as a pipeline that retrieves data from diverse cyber incident reports, specialized databases, and other relevant sources of cyber-related information, applies specialized techniques for victim identification, indicator computation, threat actor profiling, Common Vulnerability and Exposure (CVE) relationship mapping, and ultimately performs the Cyber Risk Quantification (CRQ). This final stage represents the system’s most distinctive contribution, as it translates complex analytical outputs into actionable risk insights, empowering organizations to make informed strategic decisions in the face of evolving cyber threats. Alternatively, the system implements an automatic workflow that constructs new datasets of compromised entities, enabling these datasets to be used by all components of the system. Experiments on real cyber incident datasets demonstrate the system’s ability to automatically construct high-quality victim profiles and estimate annualized financial risk, offering a scalable and data-driven approach for proactive cybersecurity management.

Key words

Cyber risk quantification, Machine Learning, Large Language Models, Indicators, Firmographics, Threat actors, Vulnerabilities

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS251030011G

Publication information

Volume 23, Issue 1 (January 2026)
Year of Publication: 2026
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

Available in PDF
Portable Document Format

How to cite

Garcı́a-Ochoa, J., Rueda, J., Fernández, R. R., Fernández-Isabel, A., Diego, I. M. d., Cano, E. L., Ravines, R. R., Espinosa, O. L., Sanvisens, J. P.: DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence. Computer Science and Information Systems, Vol. 23, No. 1, 343-368. (2026), https://doi.org/10.2298/CSIS251030011G