Deliberate attacks (security attacks) pose a significant threat to offshore Oil&Gas critical infrastructures as they have the potential of triggering major event scenarios with severe consequences on people, property, and the surrounding environment. The standards API RP 70 and API RP 70I address security issues in the offshore Oil&Gas sector, providing a semi-quantitative approach to evaluate the actual level of security risk. However, as the credibility of security attacks grows, security risk assessments should be approached in a more systematic and quantitative way to measure vulnerabilities and determine the level of protection available in the site. In this context, the present study introduces a systematic quantitative procedure using Bayesian Network (BN) to calculate the probability of success of physical attacks and the role of preventive and mitigative response strategies. The procedure is applied to a case study allowing to show its potential for improving security in the offshore Oil&Gas industry.