Cyberattacks are rapidly increasing and cyber-criminals are getting more creative than ever. Hackers have successfully extracted millions of dollars in ransoms from organizations like schools and hospitals. Taking steps to address cyber risk is in every organization’s interest because it’s not a question of whether, but when these attacks will occur. And there’s no question that a successful breach of your systems will take a financial toll. For that reason, CFOs and other finance leaders cannot afford to shrug off preparation for cyber risk as just another item on IT’s checklist. This article reviews the metric "percentage of top risk assessed that are cyber" and discusses three recommendations based on the moves APQC sees top companies making.