Skip to main content

Mining and metals industry needs to prepare for cyber attacks, EY report finds

In the ever-changing technological landscape of the mining industry, a new report has revealed that a large portion of mining companies aren’t fully ready to hand the threat of cyber-attacks.

Advancements in technology including IoT, automation and Big Data see more and more companies looking at how technology and data capture can unlock efficiencies, cost savings and provide true value.

With technology however, comes risk and the World Economic Forum has identified cyber security/cyber-attack as one of the top five risks the world faces today.

In its latest report; “Does cyber risk only become a priority once you’ve been attacked?” EY has discovered that the sector is struggling to close the cyber maturity gap and that mining companies may be lagging behind the rest of the energy sector in how they protect operational technology.

The report revealed that in 2017, 55% of mining operators experienced a significant cyber security incident, with 48% believing that it is unlikely that they would even be able to distinguish and identify a sophisticated attack.

Related stories:

Despite an increase in investment into cyber security initiatives (53% over the last 12 months) a huge 97% of organisations have admitted that their current cuber security function does not fully meet their organisations needs.

The belief across the industry, is that too many mining and metals companies are taking an “ad hoc” approach and acting when its already too late to manage their risks and vuylnerablities.

What needs to happen, is a change in culture.

Argues Michael Rundus, EY Global Mining & Metals Cybersecurity Leader; “Increased adoption of digital technologies to drive productivity across the mining and metals sector has resulted in a growing digital footprint and associated cyber threat profile. We estimate that mining companies are in fact lagging the rest of the energy sector by several years in how they protect operational technology. If companies continue to take an ad hoc approach to cybersecurity, or act when it is too late to manage vulnerabilities, cyber risk could be the downfall of organizations’ productivity gains and digital advancement aspirations.”

“A cultural step-change in the awareness of cyber risk is required to address increased demand to embed cyber resilience and preparedness. As a first step toward closing the cyber maturity gap, boards need to ensure that they understand the threat landscape and apply a risk-focused mindset to transform the questions they ask of management."

To read the full report, click here. 


Facebook Conversations