The paper focuses on the study of cyber security in Ukraine and creation of a predictive model for reducing the risk of identified cyber threats. Forecasting is performed using a linear regression model, taking into account the optimal dependence of specific threats in the field of cyber security of Ukraine on variables characterizing capabilities / vulnerabilities of cyber security. An unique empirical base was used for the analysis, which was formed on the basis of an expert survey of the cyber security system’s subjects in Ukraine. In order to increase the representativeness of the research, based on the selection of reliable expert population, data cleaning is provided. Methodological research is based on a risk-oriented approach, which provided a risk assessment of the spread of cyber threats and, on this basis, the determination of capabilities / vulnerabilities of the cyber security system in Ukraine. The value of the research is formed not only by assessing the risks of the spread of cyber threats, but by a more in-depth analysis of the dependence of the cyber threats’ level on the vulnerability of the cyber security system based on the search for optimal and statistically significant relationships. The experiment was conducted on the basis of determining the optimal model for forecasting the risk of the spread of one of the most significant threats in Ukraine – data confidentiality breach (54.67%), depending on the variables that characterize the capabilities / vulnerabilities of the cyber security system in Ukraine. The experiment showed that the optimal model emphasizes the predictors characterizing the vulnerability of the organizational cyber security system – "Departmental level of cybersecurity monitoring" and capabilities: "The level of use of risk management approaches at the operational level" and "The level of methodological support for cybersecurity of the critical infrastructure system".