Over the past few decades, we have witnessed how the world around us has become increasingly digitalized. Technology deeply pervades our lives, causing an ever greater dependence on it. However, the evolution of cybersecurity has not been as fast, creating a gap that can be exploited by malicious actors and, therefore, increasing the possibility of attacks occurring and the severity of their consequences. In this context, risk assessment has become increasingly important over time and attempts to automate it are becoming more and more common. However, these solutions often overlook how the implemented security measures influence the outcome of the process, focusing mainly on identifying vulnerabilities or threats.