The cyber security of nuclear power plants (NPPs) recently has become a big issue, and a utility is requested to comply with cyber security controls and to perform cyber security risk management. However, it is practically difficult to fully implement the security controls with limited resources. The ultimate goal of implementing cyber security controls is to reduce risk. Since it is almost impossible to reduce risk by implementing all of the controls, it is necessary to follow them in order of priority for efficiency. This means that it is required to find which cyber security controls are relatively more important and effective than the others. The goal of this study is to quantify the relative importance of NPP cyber attack probability variables. The cyber attack probability variables were investigated by a literature survey, and they were classified into two types: (1) attacker-related variables and (2) target-related variables. The factor analysis (FA) method was applied to confirm the validity of the rearrangement and classification results, and the analytical hierarchy process (AHP) method was applied to evaluate the relative importance among the variables.