This study introduces a text-mining-based framework for cyber-risk assessment and mitigation using data from online hacker communities. The framework identifies hacker expertise levels (from newbie to advanced) based on explicit and implicit features such as cybersecurity keywords, attachment sharing, and sentiment. It highlights the role of expert hackers as leaders within these forums and how novice hackers evolve through social learning. The framework also provides a cyber-risk mitigation strategy by assessing the financial impact of various hacker expertise and attack-type combinations and prioritizing mitigation efforts based on likelihood and impact.