As electric sector stakeholders make the decision to upgrade traditional power grid architectures by incorporating smart grid technologies and new intelligent components, the benefits of added connectivity must be weighed against the risk of increased exposure to cyber attacks. Therefore, decision makers must ask: how smart is smart enough? We present a probabilistic risk analysis approach to this problem. Central to this approach is a new network security model based on a reformulation of the classic “multi-armed bandits” problem, where instead of projects with uncertain probabilities of success, a network defender faces network nodes that can be attacked at uncertain Poisson-distributed rates. Probing these nodes provides additional information about their vulnerability, but at a cost. Using this new technique, which by similarity we call “multi-node bandits”, we compute the net marginal benefits of increased connectivity. We illustrate this model by the quantification of the overall cyber risk to the physical and informational networks of a smart grid in order to identify the optimal degree of “smartness” and the best risk management strategy.