The Impact of Machine Learning on Cyber Risk Quantification in Financial Services: A Qualitative Evaluation of Threat Scoring Frameworks

Ishtiaque Ahmed; Rajib Sarkar

doi:10.63125/7aqqac69

Authors

Ishtiaque Ahmed MA in Information Technology Management, Webster University, Texas, USA Author
Rajib Sarkar Master of Business Administration, Finance and Strategy, Washington University in St. Louis, Olin Business School, St. Louis, Missouri, USA Author

DOI:

https://doi.org/10.63125/7aqqac69

Keywords:

Machine Learning, Cyber Risk Quantification, Threat Scoring, Financial Services, Operational Risk

Abstract

This study quantitatively evaluated the impact of machine learning–enhanced threat scoring frameworks on cyber risk quantification within a regulated financial services environment. Using a cross-sectional comparative design, 18,742 security event records were analyzed, including 1,964 confirmed malicious events (10.48%) and 16,778 benign events (89.52%). Multiple model families were benchmarked under standardized preprocessing and time-aware validation protocols to assess predictive discrimination, calibration quality, and monetized risk alignment. Results demonstrated substantial improvements associated with ML-based frameworks. The ML-enhanced models achieved a mean area under the ROC curve (AUC) of 0.912 compared to 0.781 for baseline scoring systems, with higher precision (0.842 vs. 0.694) and recall (0.817 vs. 0.628). Calibration error was significantly reduced from 0.067 in conventional models to 0.028 in ML-based models, indicating stronger probability alignment. Regression analyses further showed that ML-derived threat scores exhibited a stronger association with log-transformed financial loss outcomes (β = 0.64, p < .001) compared to baseline scores (β = 0.38, p < .001). The ML model explained 42.6% of the variance in loss magnitude (Adjusted R² = 0.426), representing a statistically significant improvement over the baseline model (Adjusted R² = 0.248). High-risk decile stratification under ML scoring produced a mean financial loss of $126,840 compared to $74,390 under conventional scoring, demonstrating enhanced concentration of severe loss events. Sensitivity analyses confirmed stability across alternative sampling and imbalance handling conditions. Collectively, the findings demonstrated that ML-enhanced threat scoring frameworks provided statistically and practically significant improvements in predictive performance and financial alignment, supporting more accurate and economically meaningful cyber risk quantification in financial services environments.