Andersen Alumni Newsletter
← Back to Issue

Cyber Risk: The Six Questions Most Leaders Can’t Answer

By Warren R. Turner Former Arhtur Andersen Enterprise Group Manager, Founder of Andersen Alumni Association and Partner Cardinal Points Group wturner@cardinalpoints.com

Most CFOs and business leaders believe they have cybersecurity under control. Then they’re asked six simple questions and the confidence disappears. How much would a cyberattack cost your business? If operations stopped for 25 days, would you be out of business? If an attacker has been inside your network for six months, would you even know?

The Six Questions That Matter

1. What is the total financial impact of a cyberattack on your company?

2. What would 25 days of downtime cost you revenue, EBITDA, and client impact?

3. If a $250K ransom is demanded, what is the true all-in cost?

4. How long would it take you to detect an active breach?

5. If your core data was wiped, what’s the recovery cost?

6. Would your cyber insurance actually respond including AI-related exposure?

 

Here’s the reality:

- 90% of companies are underinsured by 4–5x their true exposure

- The ransom is rarely the real cost

- Business interruption, legal exposure, and reputational damage compound quickly

- The average breach goes undetected for 200+ days

By the time most organizations respond, the damage is already done.

 

 

Where the Real Exposure Lives

Cyber risk is not a technology issue it’s a financial exposure issue.

- Downtime shifts losses from internal disruption to third-party liability

- Recovery costs often exceed the ransom by multiples

- Smaller companies frequently don’t recover at all

- Insurance policies are increasingly misaligned with real-world scenarios

 

A Better Way to Think About It

The companies getting this right are reframing cyber risk the same way they view:

- Credit risk

- Operational risk

- Market risk

They’re quantifying exposure in dollars, not dashboards.

 

Bottom Line

If you can’t clearly quantify your cyber exposure, you don’t have control of it.

And in today’s environment, that’s not a technology gap it’s a business risk.

 

Giving Credit Where Credit is Due  

Much of the above was from derived from trusted friends and subject matter experts Ralph Pasquariello and Craig Sekowski at CYBERISKIQ,  a risk management consulting firm that translates cyber threats into business and financial terms. If you have questions regarding your Company’s Cyber Risk Coverage, I would encourage you to have a conversation with Ralph or Craig directly, as they can help you navigate this complex risk. 

Warren R. Turner
Warren Turner is the Managing Partner of Cardinal Points Group, LLC, a professional services firm providing fractional C-Level Executive expertise to technology OEMs and their channel ecosystems helping business owners and leadership teams drive profitable growth and transform. His work spans M&A, branding, talent, and new business development, supported by globally taught methodologies he has authored to help leaders build durable, high-performing organizations. In 1998 he founded the Andersen Alumni Association™