Competitive landscape

Leading cybersecurity adopters and vendors in mining

Credit: Bert van Dijk/Getty images.

Powered by

Cybersecurity should be a key concern for all companies in the mining sector, but who are the companies making their mark within the cybersecurity theme? Here we look at some of the mining companies currently leading the way in deploying cybersecurity solutions and the specialist vendors of such solutions to the mining industry.

Leading cybersecurity adopters in mining

Anglo American, UK 

Anglo American has a global security team across Australia, the UK, Botswana, Brazil, Chile, Singapore, South Africa, and Spain. Its approach focuses on hiring cybersecurity experts and training current employees. For example, in 2022, the company launched a two-year cybersecurity apprenticeship for its Woodsmith Project in Scarborough (UK), to introduce new talent and address the overall cybersecurity skills shortage. Anglo American searched for the next group of cybersecurity apprentices in 2023.  

However, in December 2023, Anglo American had its email distribution channels compromised, resulting in a crudely worded message and an inappropriate graphic sent to company newsletter subscribers.  

In January 2024, Anglo American, together with BHP, Antofagasta, Codelco, and Collahuasi, launched the Mining Cybersecurity Corporation, aiming to generate and share cyber-intelligence information for early warning and response and to promote a culture of cybersecurity in mining operations. 

Antofagasta, Chile 

At the end of 2020, Antofagasta used its COVID-19-induced digital transformation to strengthen its cybersecurity. The company used this time to focus on the digital literacy of its employees. Around 2,200 employees took digital literacy courses with cybersecurity learning as a key focus. Around 10% of these employees took more advanced courses.   

In 2022, Antofagasta deployed private 5G networks to some of its Chilean copper mine sites in partnership with Nokia. The private 5G networks enable secure operations with high capacity and low latency. The company also employed a set of rules and procedures, including a disaster recovery plan, to restore critical IT functions in the event of an attack.  

In January 2024, Antofagasta, together with BHP, Anglo American, Codelco and Collahuasi, launched the Mining Cybersecurity Corporation, aiming to generate and share cyber-intelligence information for early warning and response and to promote a culture of cybersecurity in mining operations. 

BHP, Australia 

BHP considers cyber threats a top priority, closely monitoring its IT and OT systems. To enhance its cybersecurity, the company is growing its team of specialists, including security architects, incident response personnel, and forensic investigators.  

The company’s code of conduct is detailed about safeguarding its technology systems to protect against viruses, ransomware attacks, security breaches, theft, or loss of BHP property, including describing hypothetical scenarios to raise employees’ awareness. In April 2024, it also introduced measures such as multi-factor authentication with existing and new contractors. 

Rio Tinto, UK 

Rio Tinto identifies cybersecurity as a principal operational risk. Its Cyber Security Steering Committee (CSSC) focuses on cyber resilience, investing in threat detection, response, and recovery software.   

According to Rio Tinto’s CISO, Scott Brown, third-party risk is a key topic given the company has an ecosystem of 20,000-30,000 suppliers globally. The company has also been working on scaling up its cybersecurity workforce worldwide through recruitment drives in several countries. Alongside internal cybersecurity practices, Rio Tinto also ensures the security of its suppliers with detailed cybersecurity protocols and requirements.  

Notwithstanding this approach, in March 2023, Rio Tinto was hit by one of the biggest cyberattacks in the history of the mining industry. The attack allowed hackers to leak employees’ family information onto the dark web, along with company data such as payroll information.

Specialist cybersecurity vendors in mining

ABB, Switzerland 

ABB recognizes the amplified cyber risks due to the increased automation and connectivity of mining operations. The company’s cybersecurity portfolio is built around three layers: foundation, service, and operation.   

ABB provides defense from cyberattacks via its distributed control system, Ability System 800xA. The system offers mining companies foundational protection by assessing their current cybersecurity health, protecting against fundamental threats, and training staff about cyberattacks caused by human error. It also provides cybersecurity services, including maintenance of automated systems by a cybersecurity engineer and consulting services to implement cybersecurity policies.   

To address the threat of unauthorized access to industrial control systems (ICS), ABB offers its Ability Cybersecurity Fingerprint. Boliden uses the biometric identity verifier at its plants and provides extra validation along with existing security policies. Fingerprint validation reduces risks from malware and prevents unauthorized access to production activity, personal data, and equipment. It also enables auditing and tracking of personnel activity so those carelessly or intentionally spreading malware can be identified. 

Applied Risk, Netherlands 

Applied Risk is a cybersecurity consultancy firm specializing in securing ICS and OT systems. It supports mining companies by providing cybersecurity solutions tailored to their industry-specific needs, helping to protect critical infrastructure and OT systems against cyber threats. Additionally, Applied Risk offers expertise in assessing risks related to digital transformation and enhancing workforce safety in hazardous environments through cybersecurity measures. 

Claroty, US 

Claroty is an industrial cybersecurity company that helps customers protect and manage their OT and IoT assets. It provides a full range of industrial cybersecurity controls for visibility, threat detection, risk and vulnerability management, and secure remote access. The company helped mining companies to achieve a comprehensive view of their operational security risk profile. 

Dragos, US 

Dragos can help mining companies secure their industrial infrastructure via its cybersecurity platform. The platform provides visibility of any threats to the ICS alongside guidance on what actions the company should take. Vendors like Rockwell Automation, Siemens, Komatzu, and ABB also assist in inspecting the equipment and network communications.   

Among its services are threat hunting, incident response, tabletop exercise, and assessment services. In 2023, the Canadian base metals mining company Lundin Mining adopted Dragos’ OT cybersecurity platform and OT Watch to bolster its cyber resilience.   

Nazomi Networks, US 

Nozomi Networks is an OT security company aiming to assist organizations in updating their OT and IoT security practices with cybersecurity software. For example, it offers cybersecurity software as a service (SaaS). It can offer a few security features or be an all-in-one cybersecurity framework for companies of any size. The company provides automated threat detection, monitoring of OT and IoT environments for any anomalous activity, and visibility of all threats and features in a central dashboard. Mining companies especially benefit from the remote collectors' add-on feature, a low-cost method of collecting data from remote or isolated locations. 

Office Solutions, US 

Office Solutions is a provider of cybersecurity services to various organizations, including mining companies. The company controls communications and IT systems at mine sites, and its services include audits of IT security, a report on weak spots, and implementing solutions for cybersecurity risk management. 

Waterfall, Israel 

Waterfall provides hardware protection for critical industrial sites through its unidirectional security gateway (USG). The one-way security gateway was used by an Australian surface and underground metals mine to securely transfer data from operational sites to enterprise networks and monitor the activity of on-site workstation screens in real time.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis;used to produce this article.

GlobalData’s Thematic Intelligence uses proprietary data, research, and analysis to provide a forward-looking perspective on the key themes that will shape the future of the world’s largest industries and the organisations within them.

Go to article: Home | Cybersecurity in the age of AIGo to article: ContentsGo to article: BriefingGo to article: Foreword: Cybersecurity in the age of AI Go to article: Navigating the AI-driven cybersecurity landscapeGo to article: Key trends impacting cybersecurity Go to article: Timeline: a history of cybersecurity Go to article: Explainer: The most common types of cyberattacks Go to article: AI attacks now ‘the main cybersecurity concern’ for businesses across sectors Go to article: The state of cybersecurity: AI and geopolitics mean a bigger threat than ever Go to article: Companies’ own AI applications are ‘a huge cybersecurity problem’ Go to article: Regulators must protect the cybersecurity market from a private equity takeover Go to article: HealthcareGo to article: The impact of cybersecurity on healthcareGo to article: Case studies: cybersecurity in healthcare Go to article: Leading cybersecurity adopters and providers in healthcareGo to article: How healthcare cybercrime is predicted to escalate Go to article: Healthcare cybersecurity risk ‘higher than ever’ due to pandemicGo to article: Industry takes: Keeping healthcare businesses cybersecure Go to article: Rubrik’s Richard Cassidy on cyberattacks and resilience in healthcare organisationsGo to article: Cyberattacks on healthcare: Russia’s tool for mass disruption Go to article: Traceability technologies tighten supply chain fakery Go to article: Could brain-computer interfaces be hacked? Go to article: Deal activity related to cybersecurity in the pharma industry since 2021 Go to article: Deal activity related to cybersecurity in the medical industry since 2021 Go to article: EnergyGo to article: The impact of cybersecurity on the energy sector Go to article: Case studies: cybersecurity in energy Go to article: Leading cybersecurity adopters and providers in power Go to article: Cyberattacks on critical energy infrastructure ‘have increased dramatically’ Go to article: Report: Nuclear industry faces acute cybersecurity threats Go to article: The energy transition means increased attack surfaces for hackers Go to article: Deal activity related to cybersecurity in the power industry since 2021  Go to article: Cyber threat to oil and gas driven by geopolitics, extortion Go to article: How has cybersecurity changed since the Aramco hacks? Go to article: Deal activity related to cybersecurity in the oil and gas industry since 2021  Go to article: MiningGo to article: The impact of cybersecurity on miningGo to article: Case studies: cybersecurity in miningGo to article: Leading cybersecurity adopters and vendors in miningGo to article: Proactive approach to cybersecurity key for minesGo to article: ‘Operational disruption’ the main cybersecurity threat in miningGo to article: Why the mining sector should prioritise investment in cybersecurityGo to article: Will the Northern Sea Route become commercially viable in the near future?Go to article: Deal activity related to cybersecurity in the mining industry since 2021Go to article: DefenceGo to article: The impact of cybersecurity on defence Go to article: Case studies: cybersecurity in defence Go to article: Leading cybersecurity adopters and providers in defence Go to article: Latest news: Ukraine war dominant in cyber operationsGo to article: Sweden’s Nato accession: a cyberattack-filled saga Go to article: Germany recalls ambassador to Russia over cyberattacks Go to article: Why have cyberattacks in Poland spiked since Donald Tusk’s election? Go to article: How did China hack the UK Ministry of Defence? Go to article: Will IoT in defence continue to grow amid cybersecurity concerns? Go to article: AI Innovations wants to use semi-autonomous drones to save lives in Ukraine Go to article: Deal activity related to cybersecurity in the aerospace & defence industry since 2021  Go to article: Consumer GoodsGo to article: The impact of cybersecurity on the consumer goods sector Go to article: Case studies: cybersecurity in the consumer sector Go to article: Leading cybersecurity adopters and providers in consumer goodsGo to article: Latest news: Cybersecurity in packagingGo to article: Cybersecurity rising concern for packaging firms as digitalisation raises threat Go to article: Packaging companies must protect production lines from cyberattacks –analyst Go to article: Cybersecurity boost: Packaging learns from recent IT outages Go to article: Deal activity related to cybersecurity in the packaging industry since 2021  Go to article: Latest news: Cybersecurity in drinks Go to article: Drinks industry faces cybersecurity challenges from smart manufacturing Go to article: Brown-Forman chief talks cybersecurityGo to article: Modern supply chains open up cyber weak spotsGo to article: BankingGo to article: The impact of cybersecurity in banking and payments Go to article: Case studies: cybersecurity in banking Go to article: Leading cybersecurity adopters and providers in banking & payments Go to article: Latest news: cybersecurity in bankingGo to article: AI needed to tackle AI fraud – cybersecurity expert Go to article: What are the main cybersecurity trends of 2024? Go to article: What does the Economic Crime Act mean for foreign investors to the UK? Go to article: Regulators make crypto more attractive to institutions – NYU professor Go to article: Finance firms and ex-spies: strange bedfellows in a war-torn world Go to article: Monzo adds friction to fight fraud—but the features may not be popular with customers Go to article: Looking to stop payment fraud? Modernise your approach to bank validation Go to article: Governments must intervene on anti-fraud funding for real-time payments Go to article: Knowledge sharing puts finance sector among best for cybersecurity Go to article: Deal activity related to cybersecurity in the retail banking industry since 2021  Go to article: Sponsorship opportunitiesGo to article: GlobalData Thematic IntelligenceGo to article: Next issue