Service center executives tend to focus on sales, not cyber security. Hackers are only a threat to big corporations, right? And anyway, Tom down in IT is on top of it, they think to themselves. In fact, like all companies, service centers have become increasingly dependent on electronic communication, the Internet and computer hardware and software in the daily operation of their businesses. Such reliance only heightens their vulnerability to cyber security threats. Securing important data from nefarious individuals both outside and inside the company is a task top executives should make a personal priority.
Cyber crimes are growing more common, more costly and are taking longer to resolve, according to a recent report commissioned by the Metals Service Center Institute, Rolling Meadows, Ill. In their fifth Cost of Cyber Crime Study, graduate students at Washington University’s Boeing Center for Technology, Information & Management in St. Louis found that the average cost of cyber crime to a U.S. company climbed more than 9 percent to $12.7 million, up from $11.6 million in the 2013 study. The average time to resolve an attack increased from 32 days to 45.
“With data breaches happening frequently, all companies must be concerned about the safety of their data and honestly ask themselves if they are as well protected as they think they are, ” says Bob Weidner, MSCI president and CEO. “The potential damage to the company is compounded by how long it would take to be up and running again, at what cost, and the cost of lost revenue.”
These concerns prompted MSCI to ask BCTIM to research the cyber security threat, specifically as it relates to the metals industry. Three key lessons emerged from the report:
• Cyber security efforts require C-suite support. Executives must be directly involved in the management of their company's cyber risk, creating and implementing the processes and policies necessary. Little happens in this arena without the top executive pushing for and supporting change, researchers found.
• The biggest risk to any size company is internal. Employees have access to critical information. A lack of proper cyber security policies, procedures and processes leads to vulnerabilities. Most employees are not trained to detect email attacks, but breaches at U.S. Steel and Alcoa a few years earlier were prompted by email phishing scams.
• If a company is unsure about reducing its cyber security risk, the policies and procedures necessary and the next steps to take, it should get help from a specialized third party with the necessary expertise.
MSCI members can view the Cyber Security Report at www.msci.org
For more on information technology enhancements in the metals service center sector, see the IT Solutions supplement to be delivered with the August issue of Metal Center News.