How to perform cyber risk assessment via cumulative logit models