$37.28M.

Maximum exposure across 16 regulatory frameworks. GDPR Art 83 alone: up to $20M or 4% global turnover. HIPAA wilful neglect uncorrected: $2.13M+ per violation.

The number an auditor wouldn't say out loud.

PC-001 · GDPR Art 83 · Tier 2 WORST CASE

4% of $500M global turnover · $20M max · either-or higher.

Model your own org's exposure, brief the board, prioritize controls.