May 13, 2015 | by MSCI & Boeing Center for Technology, & Information & Manufacturing Practicum Report

Your Cyber Security Risk

Are you as protected as you think?


With hackers and severe data breeches in the news often, how safe is your company’s valuable information? According to a report by the Ponemon Institute, the average cost of cybercrime to U.S. companies in late 2014 was $12.7 million per year.

Are we as protected as we think, and how long would it take to be up and running again after a breech?

With these questions in mind, MSCI commissioned the Boeing Center for Technology, Information & Manufacturing to research and report on the cyber security threat, specifically in the metals industry.  The top three takeaways from the report that executives need to know are:

1. Cyber security efforts require C-suite buy-in.  Executives must be directly involved in the management of their company’s cyber risk, developing necessary processes and policies. Little happens in this arena without top executives pushing for and supporting change.

2. The biggest risk—to any size company—is internal.  Employees have access to critical information.  That fact, coupled with a lack of proper cyber security policies, procedures and processes leads to vulnerabilities.  An example: most employees are not trained to detect email and phishing scams (the U.S. Steel and Alcoa breaches a few years ago were prompted by phishing scams).

3. If a company is unsure about reducing their cyber security risk, the policies and procedures necessary and the next steps, they should look for a specialized third party with the necessary expertise to help.

MSCI Members can find the executive summary and report, along with helpful checklists and resources, here.