Cybersecurity in mining and metals


#1

Cyber threats are evolving and escalating at an alarming rate for mining and metals, and other asset-intensive industries. Understanding the current cyber risk landscape and the threats new technologies bring is critical for planning reliable and resilient operations.

What EY can do for you

Our approach to cybersecurity is to apply good risk management principles. We start by reframing the issue as cyber risk. We assess the business risks, critical assets and risk event scenarios. Then we balance the organizational risk appetite, and controls environment, governance and business constraints to determine a cyber risk-based framework and program.

We believe that regardless of the framework adopted, your organization should take a risk-based approach that is fit for purpose, adopts a balance between “protect” and “react,” and meets the organization’s operational requirements.

Cyber threats are growing at an exponential rate globally, with more than half of energy and resources participants in our 20th Global Information Security Survey 2017–18 having experienced a significant cybersecurity incident in the last year.

The convergence of information technology and operational technology makes companies more vulnerable to continued rogue activity in the sector. Today, all mining organizations are digital by default — in an increasingly connected world, the digital landscape is vast, with every asset owned or used by an organization representing another node in the network. With the increasing investment in digital and reliance on control systems for efficient operations, the attack surface is only getting larger.

To address cyber risks as well as the gaps in cyber resilience and preparedness caused by the “human factor,” the mining and metals sector must undergo a fundamental change in cyber risk culture and awareness.

Understanding the cyber threat landscape is the vital foundation step. Mining and metals companies need to have a clear plan that forms part of their digital road map and risk management plan.