Mining and metals companies are increasingly required to adopt to the digital world around them — investing heavily in tools to achieve better productivity and margin improvements. But as the digital transformation agenda forces organizations to embrace emerging technologies in an ever more connected world, it’s never been more challenging for miners to create a secure digital environment.
Miners have enormous amounts of valuable data, and they’re becoming more aware of how vital it is to protect it. The target area is continuously growing across physical assets, digital infrastructure and business processes, and the exposure is further impacted by increased connections with suppliers and customers. With more than half of global mining and metals companies having reported a significant cybersecurity incident in the last year, it’s not a surprise that cybersecurity has jumped up in the EY Top 10 business risks facing mining and metals in 2019-20 report for a second year in a row.
There are several concerns when it comes to cybersecurity. Breaches of a company’s data, whether malicious or accidental, can have serious ramifications – from safety incidents at mine sites and physical damage to assets, to significant data breach investigation and remediation costs. But perhaps the most long-term consequence includes damage to the company’s reputation. And in today’s era, trust could just be your most valuable asset.
So, how can miners develop an effective cybersecurity strategy that positions them for growth while building and maintaining the trust of their stakeholders and the public?
It starts with understanding the business risks, critical assets and potential scenarios that could pose a cyber risk event. Once those are established, executives need to implement a robust and fit for purpose cybersecurity strategy that’s rooted in strong risk management principles. Integrating and embedding security in business processes and creating a more secure working environment can protect the organization from end-to-end, and give leadership peace of mind that will allow them to focus on growth.
To gain a better picture of where the organization is in its cybersecurity maturity, executives need to perform a baseline assessment of the organization’s cyber controls. This will help them identify cyber control gaps and understand where they need to invest to build a cybersecurity framework that will close those gaps and address key risk areas.
The cybersecurity transformation should promote three main principles across culture, governance and capabilities:
- Expect excellence in security fundamentals: Be highly mature at security basics, practice good security hygiene and optimize the organization’s current information security capabilities.
- Establish a strong governance program and a culture of accountability: This should include adequate progress and performance metrics, and the development of a security- savvy business culture where security practices are part of people’s everyday responsibilities.
- Build a commitment to continuous improvement: Adapt to new requirements based on evolving threats and trends, regularly assess the organization’s security posture to resolve gaps, and instill the idea that cyber strategy is part of everyone’s job no matter what their specific role.
As the digital age opens new avenues for miners to grow and prosper, it’s never been more important to build and maintain trust across the value chain. A strong cybersecurity program and a commitment to keeping it up to date will go a long way to help mining and metals organizations thrive amid constant and persistent change.
YOGEN APPALRAJU is the national cybersecurity leader at EY Canada. He is based in Toronto. Visit www.ey.com/miningrisks for more information.