Many months ago, my colleague David Severski asked on Twitter how Modern Portfolio Theory (MPT) does or does not apply to quantified cyber security risk:
I replied that I would blog on this "...soon". Ha! Almost four months later. Well, better late than never.
Short answer: No, MPT doesn't apply. Read on for explanations.
NOTE: "Cyber security risk" in this article means quantified risk -- the probabilistic costs of loss events, or the probabilistic total costs of cyber security. I am not talking about color-coded risk, categorical risk, or ordinal scores for risk. I don't ever talk about them, if I can help it.