What EY can do for you
Our approach to cybersecurity is to apply good risk management principles. We start by reframing the issue as cyber risk. We assess the business risks, critical assets and risk event scenarios. Then we balance the organizational risk appetite, the controls environment, governance and business constraints to determine a cyber risk-based framework and program.
We believe that regardless of the framework adopted, your organization should take a risk-based approach that is fit for purpose, adopts a balance between “protect” and “react,” and meets the organization’s operational requirements.
Cyber threats are growing at an exponential rate globally: 71% of mining participants in our Global Information Security Survey 2021 have seen an increase in the number of disruptive attacks over the past 12 months, and 55% are worried about their ability to manage a cyber threat.
The convergence of information technology and operational technology makes companies more vulnerable to continued rogue activity in the sector. Today, all mining organizations are digital by default — in an increasingly connected world, the digital landscape is vast, with every asset owned or used by an organization representing another node in the network. This will intensify given the accelerated adoption of cloud, analytics and automation across the sector, as well as disruptive innovation to achieve decarbonization targets. With the increasing investment in digital and reliance on control systems for efficient operations, the attack surface is only getting larger.
To address cyber risks as well as the gaps in cyber resilience and preparedness caused by the “human factor,” the mining and metals sector must undergo a fundamental change in cyber risk culture and awareness.
Understanding the cyber threat landscape is the vital foundational step. Mining and metals companies need to have a clear plan that forms part of their digital road map and risk management plan.