According to a report commissioned by the Metals Service Center Institute (MSCI), cyber security poses complicated threats for metals companies.
The report was compiled by graduate students at the Boeing Center for Technology, Information & Management (BCTIM) at the Olin School of Business at Washington University in St. Louis.
Other research has shown that cybercrimes are growing more common and more costly, and are taking longer to resolve. According to the fifth annual Cost of Cyber Crime Study, conducted by the respected Ponemon Institute, the 2014 global study of U.S.-based companies found:
- The average cost of cybercrime climbed by more than 9% to $12.7 million for companies in the United States, up from $11.6 million in the 2013 study
- The average time to resolve a cyber-attack is also rising, climbing to 45 days, up from 32 days in 2013
“With data breaches happening frequently, our members and all companies must be concerned about the safety of their data and honestly ask themselves if they are as well protected as they think they are,” said M. Robert Weidner, III, MSCI president and CEO. “The potential damage to the company is compounded by how long it would take to be up and running again and at what cost and the cost of lost revenue.”
These concerns and questions prompted MSCI to ask BCTIM to research the cyber security threat, specifically as it relates to the metals industry.
Three key lessons emerged from the report for executives concerned about or dealing with cyber security:
- Cyber security efforts require C-suite support. Executives must be directly involved in the management of their company’s cyber risk, creating and implementing the processes and policies necessary. Little happens in this arena without the top executive pushing for and supporting change.
- The biggest risk to any size company is internal. Employees have access to critical information. That fact, coupled with a lack of proper cyber security policies, procedures and processes, leads to vulnerabilities. An example: Most employees are not trained to detect email and phishing scams (the U.S. Steel and Alcoa breaches a few years ago were prompted by phishing scams).
- If a company is unsure how to reduce its cyber security risk, which policies and procedures are necessary, or what next steps to take, it should get help from a specialized third party with the necessary expertise.