ROLLING MEADOWS, Ill.--(BUSINESS WIRE)--According to a report commissioned by the Metals Service Center Institute (MSCI), cyber security poses complicated threats for metals companies. The report was compiled by graduate students at the Boeing Center for Technology, Information & Management (BCTIM) at the Olin School of Business at Washington University in St. Louis.
Other research has shown that cyber crimes are growing more common, more costly, and taking longer to resolve. According to the findings of the fifth annual Cost of Cyber Crime Study conducted by the respected Ponemon Institute* the 2014 global study of U.S.-based companies found that the average cost of cyber crime climbed by more than 9 percent to $12.7 million for companies in the United States, up from 11.6 million in the 2013 study. The average time to resolve a cyber attack is also rising, climbing to 45 days, up from 32 days in 2013.
“With data breaches happening frequently, our members—and all companies—must be concerned about the safety of their data and honestly ask themselves if they are as well protected as they think they are,” said M. Robert Weidner, III, MSCI president and CEO. “The potential damage to the company is compounded by how long it would take to be up and running again—and at what cost—and the cost of lost revenue.”
These concerns and questions prompted MSCI to ask BCTIM to research the cyber security threat, specifically as it relates to the metals industry. From the report, three key lessons for executives concerned or dealing with cyber security emerged:
1. Cyber security efforts require C-suite support. Executives must be directly involved in the management of their company's cyber risk, creating and implementing the processes and policies necessary. Little happens in this arena without the top executive pushing for and supporting change.
2. The biggest risk—to any size company—is internal. Employees have access to critical information. That fact, coupled with a lack of proper cyber security policies, procedures and processes leads to vulnerabilities. An example: Most employees are not trained to detect email and phishing scams (the U.S. Steel and Alcoa breaches a few years ago were prompted by phishing scams).
3. If a company is unsure about reducing their cyber security risk, the policies and procedures necessary and the next steps to take, they should get help from a specialized third part with the necessary expertise.
MSCI members can view the CyberSecurity Report checklist and additional materials online.
Founded in 1909, the Metals Service Center Institute is a non-profit association based in Rolling Meadows, Ill., serving the metals industry. For more information, visit www.MSCI.org. Like us on Facebook at Metals Service Center Institute, follow us on Twitter @MSCITweets, and connect with us on LinkedIn at Metals Service Center Institute.
*Ponemon Institute on behalf of HP Enterprise Security