As one of the largest safety-critical infrastructure, nuclear power plants (NPPs), adopt digital technologies, cyber security has become a natural issue. Nonetheless, compared to other complex systems, the development of a cyber-risk assessment method for NPPs is in its infancy. As a start of developing cyber-risk assessment methodology, initiating threats and their bounding were suggested through incident history analysis. Major 4 scenarios were developed and their bounding groups were suggested by their nature of attacks. The study is meaningful in that it presents all initiating threats and their bounding groups based on the historical incidents, and also it could be further applied to describe scenarios and models of NPP cyber-risk assessments.