Why the mining sector should prioritise investment in cybersecurity

M​​​​​​​ining companies must prioritise investments in cybersecurity. Without proficient security and protection, companies are exposed to a greater risk of cyberattacks. And, so far, no company’s system is immune. 

Looking back just one year, Rio Tinto was hit by one of the biggest cyberattacks in the history of the mining industry in March 2023. The attack saw hackers leaking employees’ family information on the dark web, as well as company data such as payroll information. 

Later, in May 2023, Fortescue Metals was targeted by a Russian ransomware group claiming credit for the theft of data. In December 2023, Anglo American had its email distribution channels compromised, resulting in a crudely worded message and an inappropriate graphic sent to company subscribers.

Impacts on daily business operations can be disastrous: operational shutdowns, equipment damage, health and safety risks, but also financial loss, intellectual property theft, competitive advantage loss, and reputation damage. 

Moreover, since cyberattacks have become important weapons in geopolitical battles, geopolitics, and cybersecurity tend to go hand in hand. The mining industry finds itself in the crossfire, given its strategic position in global supply chains.

Global cybersecurity revenues are headed for strong growth, reaching $290bn by 2027, having grown at a compound annual growth rate (CAGR) of 13% between 2022 and 2027. In the mining vertical, GlobalData estimates that the total cybersecurity market will be worth $3.6bn in 2027, having grown at a CAGR of 15% between 2022 and 2027. 

But cyber threats are escalating and mining companies need to prioritise cybersecurity investments. For example, 50% of organisations from all industries do not have a strategy to protect from cyberattacks, says GlobalData. In addition to this, the employment of chief information security officers (CISOs) by businesses is patchy, despite the importance of cybersecurity. 

However, the number of cyberattacks is rising as is their complexity. As the digital transformation of mining companies continues, a CISO on the company board should be a priority to minimise cyber risks and implement resilient cybersecurity policies consistently across a company to guard against growing cyber threats.

Once hit by a cyberattack, the most straightforward option for a mining company would be to shut down access to the network and switch parts of the operations to manual, but this would lead to a downgrade in efficiency and often a significant downtime. Neither solution is feasible, especially in the long run. 

However, malicious cyberattacks are increasingly more difficult to identify and nullify, making the incidents costly and difficult to manage. The increased exposure of the mining industry to cyberattacks can be attributed to the progressive digitalisation of the sector, due to the bigger volume of data that companies handle. 

This—coupled with more connected devices, the adoption of cloud, artificial intelligence (AI), internet of things (IoT), and robotics—creates fertile ground for hackers. Notably, the widespread availability of generative AI tools such as OpenAI’s ChatGPT, enhances the sophistication and personalised nature of attacks from bad actors. Therefore, investments in cybersecurity providers are extremely beneficial for the sector.