A recent Ernst & Young survey on global information security has revealed an increase in cyberthreats to asset-intensive industries such as mining.
In a report entitled Does cyber risk only become a priority once you’ve been attacked?, EY Global Mining & Metals notes the sector’s increasing shift into digital reliance on automation systems, remote monitoring of infrastructure and real-time decision making across the mining value chain.
By 2021, the cost of cybersecurity breaches is expected to reach $US6 trillion ($8.4 trillion) globally, which is twice the amount in 2015, according to leading researcher Cybersecurity Ventures.
The World Economic Forum has also suggested cybersecurity breaches as one of the top five “most serious risks facing the world today”.
But this can be tackled with a better understanding and security of the digital environment in which mining companies operate, or their interactions with it.
EY global mining and metals advisory leader Paul Mitchell said, “The responsibility of managing exposure to cybersecurity risks is not one that can be delegated to one or two individuals.
“Rather, a broad range of individual responsibilities should be brought together to form a single coherent and accessible view of the threat environment.”
Boards of management can play a vital role in addressing cybersecurity risks by identifying specific reporting, metrics and insight that provide visibility and assurance over this risk management.
Cybersecurity budgets also need to be increased in response to the growing threat.
Importantly, companies need to cast special attention on “attack paths” that are commonly used by hackers. These include network architecture, legacy industrial technologies, basic access controls and security configurations, maintenance processes remote staff and third-party access as well as security awareness.
A risk-based approach will prevent disruptions to operations, and importantly, to workers’ health and safety.