<?xml version="1.0" encoding="UTF-8"?>
<record>
  <title>Beyond the Mean: Quantile-Based Statistical Characterization of Network Response Time for Cyber Threat Severity Assessment and Intrusion Detection</title>
  <journal>Journal of Information Security Research</journal>
  <author>Duong Van Hieu</author>
  <volume>17</volume>
  <issue>2</issue>
  <year>2026</year>
  <doi>https://doi.org/10.6025/jisr/2026/17/2/76-90</doi>
  <url>https://www.dline.info/jisr/fulltext/v17n2/jisrv17n2_1.pdf</url>
  <abstract>Traditional cyber risk assessment and intrusion detection systems frequently rely on mean-based statistical
summaries, which inadequately capture the extreme events and heavy-tailed distributions inherent in
network traffic. This study introduces a quantile-based analytical framework to characterize network
response time as a robust indicator of cyber threat severity. Utilizing a comprehensive real-world dataset
comprising over 211,000 network flows, we evaluate response time distributions across threat severity
levels, detection statuses, attack categories, and temporal dynamics. The analysis reveals pronounced
right-skewness, zero inflation, and substantial variance in response times, rendering average-based metrics
insufficient. Quantile-based comparisons demonstrate that high-severity threats are distinguished not by
typical interaction durations but by significantly elevated upper quantiles, reflecting prolonged, complex
attack behaviors. Furthermore, detection systems exhibit higher efficacy against long-duration sessions,
highlighting potential blind spots for transient or stealthy attacks. Temporal analysis further confirms the
bursty, clustered nature of malicious activity. By shifting focus from central tendency to distributional tail
behavior, this quantile-driven approach provides a more nuanced and accurate foundation for severity
assessment and anomaly detection. The findings underscore the necessity of integrating robust statistical
modeling with machine learning frameworks to enhance cyber defense capabilities. Future research will
prioritize real-time implementation, model interpretability, and validation across diverse operational
networks to ensure scalable and practical deployment in dynamic threat landscapes.</abstract>
</record>
