Canadian Underwriter
News

EY warns of “more gateways” for cyber attacks on mining, metals firms


July 7, 2015   by Canadian Underwriter


Print this page Share

The “convergence” of information technology and “operational” technology can increase cyber risk for mining and metals firms, while new financial reporting requirements increase the risk of resource nationalism, EY warned in a report announced Tuesday.

“Being a victim of any form of cyber-attack can cost a company millions of dollars in lost production, threaten worker safety or cause massive reputational damage, by leaking of confidential or stakeholder- sensitive information,” EY stated in the report, titled Business Risks Facing Mining and Metals 2015-16.

Threats in the mining and metals sector include what EY calls the “convergence of information technology with operational technology, which EY suggests can create “more gateways” for a cyber attack.

EY released a report on risks in mining

EY also warned that breaches are often either detected late or not detected at all.

“Information and operational security needs to be a board level priority and managed from the top down,” according to the report. “Cybersecurity needs to feature on the corporate level risk register and to be integrated in the ERP. It’s not just about systems – an approach is needed that includes threat and risk-based implementation of people, processes and technology capabilities to develop a resilient cybersecurity environment.”

The annual report is based on discussions with officials at global mining and metals companies. This is the eighth year EY has published the report. In 2008, the top 5 risks were, in order: the skills shortage; industry consolidation; infrastructure access; social license to operate; and climate change.

Social licence to operate dropped to fifth place this year. The top four risks identified in this year’s report were: Switch to growth; productivity improvement; Access to capital; and Resource nationalism.

“Resource nationalism continues apace, but not with the vigor of previous years,” EY stated in this year’s report. “Taxes and royalties are still being increased around the world, and are either being implemented or proposed in countries such as India, Guatemala and the Democratic Republic of the Congo. Mandated beneficiation is gaining political popularity with the perceived value adds to economies.”

EY suggested risk managers at mining and metals firms need to consider new reporting requirements. EY cited several examples, including Canada’s Extractive Sector Transparency Measures Act, which came into force June 1.

ESTMA applies to certain businesses engaged in commercial development of oil, gas or minerals, the federal government stated in a recent backgrounder. It requires those firms to report annually on payments – such as taxes, royalties, bonsuses and dividends – of $100,000 or more to any level of government in Canada and abroad.

EY noted that ETMA will require firms with a calendar year end to disclose those payments, made in 2016, in report filed by May of 2017.


Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *

*