Key questions about cybersecurity in the mining industry: Q&A with GlobalData thematic analyst

Amna Mujahid is an analyst in GlobalData’s Thematic Intelligence Team. She contributes to the analysis of technologies across various sectors, notably mining, power, and packaging sectors. She takes a keen interest in themes such as cloud computing, cybersecurity, robotics, social media, and supply chains.

Amna Mujahid: Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. And maintaining this security is a constant struggle for organisations of all types. Cyberattacks are increasing in frequency and complexity for all industries. For mining companies there are specific challenges as they are targets of cyberattacks and espionage for geopolitical or economic reasons.  

For example, there is the risk of theft of important geological data, surveys, and mapping of economically exploitable mineral deposits. This theft can turn into extortion if money is demanded in exchange for returning information without encryption and with confidentiality intact. This is a lucrative target as mining companies invest billions into identifying new mine sites, and data on mineral deposits can be sold to competitors, land speculators, and financial investors with great detriment to the mining company.  

Furthermore, beyond the actions of the threat actors themselves, the mining sector’s increasing interconnectedness is presenting new challenges in terms of cybersecurity. The IoT sensors, augmented reality (AR) devices, autonomous vehicles, and drones that improve mining operations are equally capable of halting activity if they fall prey to cyberattacks. In particular, the operational technology (OT) networks of mining operations are vulnerable to cyberattacks as they operate with lower security maturity than corporate networks.

Amna Mujahid: Mining companies that will best defend themselves against cyber threats are those that lead in adopting the latest cybersecurity solutions, establish clear data security practices, and have contingency plans for potential threats. This will involve using solutions from all aspects of the cybersecurity value chain.  

With particular investment in unified threat management software, AI-based threat detection and response software, and all cybersecurity service provisions (managed security services, post breach response services, and risk and compliance services). This use of cybersecurity services will be especially valuable to mining companies as it can reduce the burden on the internal workforce where there may be a cybersecurity skills shortage.

Amna Mujahid: Cyberattacks are becoming more frequent and complex. The last decade and especially the last two to three years has seen increased digitalisation in the mining sector. Mining companies have gone from adopting enterprise resource planning (ERP) systems from vendors like SAP, Infor, and Sage to the using emerging technologies, such as IoT, AR, autonomous vehicles, digital twins, and even drones.  

The advent of Covid-19 further catalysed technology adoption as more mining processes were conducted remotely. At the same time, declining ore grades and continuous pressure on mining companies to identify new viable mines have pushed them to operate in more remote locations, often in developing nations. This, too, has led to more operations running remotely and thus encouraged digitalisation to bridge the physical gap between remote and on-site workers. 

 Digitalisation has driven continual operational improvements in productivity, cost control, and resource development, but this has come at a cost to cybersecurity. The increased use of interconnected devices and software has made mining companies more vulnerable to cyberattacks and protecting this increased attack surface presents a significant challenge.  

Digitalisation in heavy industries, such as mining, is especially at risk of cyberattacks as operational technology (OT) networks are less mature than their corporate network counterparts. Within OT networks, autonomous fleets, drone technology, equipment management systems, and the Industrial Internet are all under threat of cyberattacks with severe consequences. These could include the complete shutdown of production activity, loss of revenues, environmental harm, danger to on-site workers, and reputational damage to the mining company itself.

Amna Mujahid: The mining sector has seen increased focus on cybersecurity. This comes as no surprise in a sector going through heavy digitalisation. Mining companies are seeking to protect their mission-critical operations from attack and defending sensitive data that competitors, nation-states, or cybercriminals could breach.  

GlobalData predicts that the global cybersecurity revenues for the mining sector will see steady growth rising from $1.6bn in 2020 to $2.5bn by 2025. However, protecting against cyber threats is a never-ending project and only companies that keep on top of the latest cyber threats and adopt the latest cybersecurity solutions will succeed.  

The current mining companies leading cybersecurity adoption are identified in our Cybersecurity in Mining report as Anglo American, Antofagasta, BHP, Fortescue Metals, Kinross Gold, Nippon Steel, Nornickel, POSCO, Rio Tinto, South32, Tata Steel, Teck Resources, and Vedanta.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData’s Thematic Intelligence uses proprietary data, research, and analysis to provide a forward-looking perspective on the key themes that will shape the future of the world’s largest industries and the organisations within them.