For several years, Security Operation Centers (SOCs) have relied on tools such as Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS) for reactive threat detection and risk management. However, these tools are becoming inadequate in detecting the current threat landscape, which is continuously increasing in terms of volume and variety, and targeting the most vulnerable component in the kill-chain, the human actor. This manuscript presents a novel data-driven approach that models user and entity behaviour in the early stages of the kill-chain. The proposed system estimates the probability of an entity being exposed by a threat actor during the delivery stage, thereby providing better anticipation time allowing the end-user to undertake mitigation focusing on concrete entities. Moreover, the framework has been tested in a real-life scenario executing different realistic phishing simulations and achieving successful results.