According to the “Law on protection and response measures for nuclear facilities and radiation”, Nuclear Power Plant (NPP) licensees should conduct periodic exercises based on hypothetical cyberattack scenarios, and there is a need to select significant and probable ones in a systematic manner. Since cyber-attacks are carried out intentionally, it is difficult to statistically specify the sequences, and it is not easy to systematically establish exercise scenarios because existing engineering safety facilities can be forcibly disabled. To deal with the above situation, this paper suggests a procedure using the Probabilistic Safety Assessment (PSA) model to develop a cybersecurity exercise scenario. The process for creating cyber security exercise scenarios consists of (i) selecting cyber-attack-causing initiating events, (ii) identifying digital systems, (iii) assigning cyber-attack vectors to a digital system, (iv) determining and adding type for operator’s response, (v) modifying a baseline PSA model, and (vi) extracting top-ranked minimal cut sets, and (vii) selecting a representative scenario. This procedure is described in detail through a case study, an expected cyber-attack scenario General Transient-Anticipated Transient Without Scram (GTRN-ATWS). It refers to an accident scenario for ATWS induced by GTRN. Since ATWS is targeted for cyber training in some NPPs, and GTRN is one of the most common accidents occurring in NPPs, GTRN-ATWS was chosen as an example. As for the cyber-attack vector, portable media and mobile devices were selected as examples based on expert judgment. In this paper, only brief examples of GTRN-ATWS events have been presented, but future studies will be conducted on an analysis of all initiating events in which cyber-attacks can occur.