In recent years, the increasing digitalisation and interconnectedness of railway systems have underscored the critical importance of robust cybersecurity measures. Notable cybersecurity incidents, such as the sabotage of more than 20 trains in Poland via simple "radio-stop" commands using low-cost equipment, highlight the vulnerability of these complex systems to disruptions that can have far-reaching consequences. Moreover, the evolving threat landscape, characterised by increasingly sophisticated ransomware and distributed denial-ofservice (DDoS) attacks, poses ongoing challenges that demand continuous vigilance and adaptation. The regulatory response, including stringent EU directives such as the Cybersecurity Act and the NIS 2 Directive, reflects a concerted effort to elevate the cybersecurity standards that impact the transportation sector. The objective of this work is to provide a cybersecurity risk assessment of the Virtually Coupled Train Set (VCTS) design that is developed within the R2DATO EU Rail project. This work leverages the methodologies developed under the Shift2Rail (S2R) initiative, particularly the X2Rail-5 project. The assessment aims to identify potential vulnerabilities and assess the impact of potential threats. Risk and target security level evaluations for VCTS are presented for identifying applicable security requirements from IEC 62443. By applying a risk assessment tool based on IEC 62443-3-2 and CLC/TS 50701 towards regulatory compliance measures, this work seeks to fortify the cybersecurity of railway systems, ensuring safer and more reliable operations in an increasingly digital landscape.