Stealthy false data injection attacks (SFDIAs) pose serious threats to the stability and operation of power systems, with the potential to initiate cascading failures. These attacks depend on extensive access to system measurements, and the likelihood of gaining such access is closely linked to the structure of the system’s cyber-layer. However, the role of the cyber-layer in assessing SFDIA vulnerabilities has been largely overlooked in the literature, leading to oversimplified risk evaluations and suboptimal mitigation strategies. To address this gap, this paper first proposes a new cyber-physical risk metric (CPRM) to assess the system’s vulnerability to SFDIAs. The CPRM combines the physical impact of losing a transmission line–such as load shedding or generation loss–with the probability of such a loss resulting from an SFDIA. The likelihood of losing a transmission line is estimated by identifying all critical phasor measurement unit (PMU) sets, defined as sets whose measurements can be manipulated to stealthily overload the line. These critical PMU sets are determined using an algorithm that solves multiple bilevel optimization problems. Next, Bayesian attack graphs (BAGs) are developed for each substation and communication link to model potential access pathways and calculate the probability of compromising the identified critical PMU sets. Building on this analysis, the paper introduces a novel data aggregation reconfiguration (DAR) scheme that dynamically modifies the cyber-layer structure using software-defined networking (SDN) to minimize the risk of SFDIAs. Simulation results from the IEEE 39-bus test system demonstrate that the proposed DAR scheme significantly enhances the system’s resilience against SFDIAs.