Mining Boards Aware of Cybersecurity Risks: EY

Cybersecurity has become increasingly important for CEOs as digitalization makes companies more vulnerable to cyberattacks. The mining sector is no exception, with companies facing more frequent attacks from hackers. This presents challenges for mining companies that need to keep pace with evolving hacking technology to protect their machinery and equipment.

According to Accenture's Cybersecurity Resilient CEO report, 96% of surveyed CEOs understand the importance of cybersecurity, recognizing it as a key factor for growth, stability, and competitiveness. Despite this awareness, only 33% of CEOs have a deep understanding of the cyber threats landscape, indicating that not all companies are considered cyber resilient.

The study shows that 74% of CEOs are concerned about their organization's ability to prevent or minimize damage from cyberattacks. Around 60% claim to have implemented common cybersecurity practices, but they acknowledge that this is not sufficient. Meanwhile, almost half of the CEOs believe that cybersecurity requires episodic intervention rather than considering it a key business element requiring continuous attention, while 54% of them believe that the cost of implementing cybersecurity measures is higher than the cost of a cyberattack. 

The Mining Sector and Cybersecurity

2024 marked a significant year for cybersecurity in the mining sector as it reemerged as a significant concern for companies in EY’s Risks and Opportunities Survey 2024, securing the eighth spot. According to EY, the resurgence of cybersecurity as a relevant topic is explained by the resurgence of digitization in the sector, the surge in remote work, and geopolitical tensions like the Russian-Ukraine war. 

EY's data reveals that more than 40% of boards feel confident in their grasp of the most significant risks facing their organizations. According to Paul Mitchell, Global Mining & Metals Leader, EY, a crucial element in ensuring reliable and resilient operations is understanding the current cyber risk landscape and threats. “Today, all mining organizations are digital by default, operating in a vast, connected digital landscape where every asset represents another node in the network and increases the attack surface. A recent EY survey found 74% of mining and metals executives said integrating technology is a key challenge, compared with 37% for all sectors,” reads the report. 

In line with EY’s findings, David Tintor, Director of Operations, TBSEK, said that in the mining sector, equipment obsolescence is different than in other sectors. He notes that in other industries, equipment like computers is replaced almost every three to four years, while servers are usually replaced every five years. In the mining industry, equipment and components are designed to last up to 30 years. “The obsolescence challenge is complex, it is not merely a lack of updates. While crime evolves quickly, the production line installed 10 or 15 years ago was not designed to anticipate the sophisticated techniques employed by contemporary cybercriminals,” Tintor said in an interview with MBN.

Tintor highlights that another factor that makes mining more appealing for cybercriminals is the easy quantifiability of the damage. “If you are a mining company, and cybercriminals disable your mill, every second it is stopped costs about US$5.97. Multiply that by 3,600 for an hour, and the financial impact can accumulate, even for days. They make it clear: Pay US$1 million or suffer damage worth US$10 million,” he explained.