Comparison Overview

Metalloinvest

VS

Gerdau

Metalloinvest

28, Rublevskoye shosse, Moscow, Russia, 121609, Moscow, 121609, RU
Last Update: 2026-01-17
View Profile
Between 750 and 799
https://http://metalloinvest.com

Metalloinvest is a leading global iron ore and HBI producer and supplier and one of the regional steel producers. Metalloinvest extracts and exploits iron ore fr om the second largest measured iron ore reserve base in the world with approximately 14.6 billion tonnes of proven and probable reserves on a JORC equivalent basis and about 150 years of reserve life. In 2012, according to CRU, the company was: - the leading producer of merchant HBI in the world - 40% share of the global market, - the third largest producer of pellets in the world, - the fifth largest commercial iron ore producer in the world. Metalloinvest is a global player in the production of iron ore products, processing the majority of its primary iron ore concentrate production into value-added products, such as iron ore pellets and HBI/DRI.

NAICS: 212
NAICS Definition: Mining (except Oil and Gas)
Employees: 546
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Gerdau

Av. Das Nações Unidas, 8501, 8º andar, São Paulo, São Paulo, BR, 05425070
Last Update: 2026-01-22
Between 750 and 799
https://gerdau.com.br

With a history spanning 122 years, Gerdau is Brazil's largest steel producer, one of the leading producers of long steel in the Americas and of special steel in the world. In Brazil, Gerdau also produces flat steel and iron ore for its own use. Gerdau also has a new business division, Gerdau Next, which fosters entrepreneurship in segments adjacent to the steel industry. Guided by its purpose of empowering people who build the future, Gerdau has operations in nine countries and over 30,000 direct and indirect employees. Gerdau is the largest recycling company in Latin America and uses scrap as an important input, with 73% of the steel it produces made from scrap. Every year, Gerdau transforms 11 million tonnes of scrap into a variety of steel products. Gerdau also is the world’s largest charcoal producer, with over 250 hectares of planted forests in the state of Minas Gerais. As a result of its sustainable production matrix, Gerdau currently has one of the industry’s lowest average greenhouse gas emissions (CO₂e), of 0.86t/CO₂e per tonne of steel, which is about half the global industry average of 1.91 t/CO₂e per tonne of steel (worldsteel). By 2031, Gerdau’s target is to reduce its carbon emissions to 0.83 t/CO₂e per tonne of steel. Gerdau’s shares are listed on the São Paulo (B3), New York (NYSE) and Madrid (Latibex) stock exchanges.

NAICS: 212
NAICS Definition: Mining (except Oil and Gas)
Employees: 22,663
Subsidiaries: 4
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/metalloinvest.jpeg
Metalloinvest
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/gerdau.jpeg
Gerdau
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Metalloinvest
100%
Compliance Rate
0/4 Standards Verified
Gerdau
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Mining Industry Average (This Year)

No incidents recorded for Metalloinvest in 2026.

Incidents vs Mining Industry Average (This Year)

No incidents recorded for Gerdau in 2026.

Incident History — Metalloinvest (X = Date, Y = Severity)

Metalloinvest cyber incidents detection timeline including parent company and subsidiaries

Incident History — Gerdau (X = Date, Y = Severity)

Gerdau cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/metalloinvest.jpeg
Metalloinvest
Incidents

No Incident

https://images.rankiteo.com/companyimages/gerdau.jpeg
Gerdau
Incidents

No Incident

FAQ

Gerdau company demonstrates a stronger AI Cybersecurity Score compared to Metalloinvest company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Gerdau company has disclosed a higher number of cyber incidents compared to Metalloinvest company.

In the current year, Gerdau company and Metalloinvest company have not reported any cyber incidents.

Neither Gerdau company nor Metalloinvest company has reported experiencing a ransomware attack publicly.

Neither Gerdau company nor Metalloinvest company has reported experiencing a data breach publicly.

Neither Gerdau company nor Metalloinvest company has reported experiencing targeted cyberattacks publicly.

Neither Metalloinvest company nor Gerdau company has reported experiencing or disclosing vulnerabilities publicly.

Neither Metalloinvest nor Gerdau holds any compliance certifications.

Neither company holds any compliance certifications.

Gerdau company has more subsidiaries worldwide compared to Metalloinvest company.

Gerdau company employs more people globally than Metalloinvest company, reflecting its scale as a Mining.

Neither Metalloinvest nor Gerdau holds SOC 2 Type 1 certification.

Neither Metalloinvest nor Gerdau holds SOC 2 Type 2 certification.

Neither Metalloinvest nor Gerdau holds ISO 27001 certification.

Neither Metalloinvest nor Gerdau holds PCI DSS certification.

Neither Metalloinvest nor Gerdau holds HIPAA certification.

Neither Metalloinvest nor Gerdau holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
References
Description

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Description

Azure Entra ID Elevation of Privilege Vulnerability

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
Description

Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss4
Base: 2.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References