Cyber Security Could Pose Threat to Metals Industry

According to a report commissioned by the Metals Service Center Institute (MSCI; Rolling Meadows, IL), cyber security could pose complicated threats for metals companies. The report was compiled by graduate students at the Boeing Center for Technology, Information & Management (BCTIM) at the Olin School of Business at Washington University in St. Louis, MO.

Other research has shown that cyber crimes are growing more common, more costly, and taking longer to resolve. According to the findings of the fifth annual Cost of Cyber Crime Study conducted by the respected Ponemon Institute, the 2014 global study of U.S.-based companies found that the average cost of cyber crime climbed by more than 9 percent to $12.7 million for companies in the United States, up from 11.6 million in the 2013 study. The average time to resolve a cyber attack is also rising, climbing to 45 days, up from 32 days in 2013.

“With data breaches happening frequently, our members, and all companies, must be concerned about the safety of their data and honestly ask themselves if they are as well protected as they think they are,” said M. Robert Weidner, III, the president and chief executive officer of MSCI. “The potential damage to the company is compounded by how long it would take to be up and running again, and at what cost, and the cost of lost revenue.”

These concerns and questions prompted MSCI to ask BCTIM to research the cyber security threat, specifically as it relates to the metals industry.

From the report, three key lessons for executives concerned or dealing with cyber security emerged:

• Cyber security efforts require C-suite support. Executives must be directly involved in the management of their company’s cyber risk, creating and implementing the processes and policies necessary. Little happens in this arena without the top executive pushing for and supporting change.
• The biggest risk, to any size company, is internal. Employees have access to critical information. That fact, coupled with a lack of proper cyber security policies, procedures and processes leads to vulnerabilities. An example: Most employees are not trained to detect email and phishing scams (the U.S. Steel and Alcoa breaches a few years ago were prompted by phishing scams).
• If a company is unsure about reducing their cyber security risk, the policies and procedures necessary and the next steps to take, they should get help from a specialized third part with the necessary expertise.

www.msci.com