Cumulative exposure is a cybersecurity risk metric that quantifies the total risk an organization faces by multiplying the number of vulnerable assets by the number of days each asset remains exposed. This approach provides a comprehensive view of risk over time, rather than just a snapshot, enabling organizations to prioritize remediation efforts based on both the volume and duration of vulnerabilities. By tracking cumulative exposure, security teams can better understand how long vulnerabilities persist and how this persistence increases the likelihood of exploitation. This metric is particularly useful for measuring the effectiveness of vulnerability management programs and for communicating risk to stakeholders in a clear, quantifiable manner.