Mining has always been about more than extraction. It underpins industrial growth, national development and geopolitical stability. In today’s increasingly contested global environment, access to minerals and natural resources is once again a strategic priority for major powers. Yet while global attention focuses on trade tensions, nationalism and protectionism, another, less visible threat is rising: remote disruption through cyberattacks.
As mining modernises, it is also becoming more vulnerable.
Critical infrastructure, which typically includes the mining sector, energy and utilities and agriculture, refers to infrastructure so vital that any impact on it could have debilitating consequences for economic stability, national security and the physical health and safety of the public. In an increasingly digitalised environment, critical infrastructure relies heavily on networked software and hardware systems, which in effect renders it “hackable.”
At the 2026 Mining Indaba in Cape Town, the emphasis was on digitalisation and technological advancement of the industry. However, the industry recognises that cybersecurity can no longer continue to remain the unaddressed elephant in the room.
The targeting of critical infrastructure is the next frontier in modern conflict and criminal enterprise. Traditionally, the mining and minerals sectors, manufacturing and the energy and utilities industries have relied heavily on automation through the use of operational technology (OT), supervisory control and data acquisition systems and industrial control systems, as well as increasingly networked (and therefore interconnected) infrastructure. It is the nature of IP-based networking that makes devices, systems and their environments “smart” – and vulnerable to cyber incidents. It is therefore concerning that, although digitalisation and technological development rightly remained key topics during this year’s Mining Indaba, cybersecurity continues to be detrimentally neglected.
A conversation about artificial intelligence (AI) cannot be had without discussing its potential as a major disruptor of cybersecurity and the implementation of advanced robotic solutions cannot be explored without considering their autonomous nature and interconnectivity. The World Economic Forum continues to highlight cyber risk as the top business risk worldwide. It is now a global strategic risk and can no longer be relegated to the status of an add-on or afterthought.
A number of cyber incidents in the mining industry have been reported in the media in recent years. Eastplats experienced a cyber incident in May 2025 in which internal company documents were leaked. Sibanye-Stillwater suffered a major outage of its global information technology (IT) systems in 2024; while core mining operations were able to continue, its IT infrastructure was heavily impacted. Rio Tinto, one of the world’s largest mining companies, suffered a major breach in 2023 that led to sensitive employee data, including payroll and personal information, being leaked online.
The seriousness of cyberattacks on industrial control systems – where actions in the physical world can be perpetrated through digital means (e.g., the opening or closing of breakers at an electricity substation or the hijacking of an autonomous haulage system) – means that digital attacks can, for the first time, cause physical harm or even death.
Through the pervasiveness of the IT/OT convergence, even non-intellectual property (IP)-based infrastructure can now potentially be manipulated remotely, for example by compromising human-machine interfaces. While many cyberattacks involve data theft or leakage, with detrimental effects on organisations and individuals, real-world cyber-physical attacks are thankfully still less common, although they are expected to increase in frequency and severity.
The South African Mining Extraction Research, Development and Innovation Strategy provides a roadmap up to 2030, outlining collaborations between industry, government, research councils and academia to ensure the digital transformation of the mining industry. The strategy has already led to the establishment of research centres co-located at local universities, focusing on real-time information management systems and the strategic application of people-centred technologies. Central to this roadmap is cybersecurity and the role it plays in protecting and advancing the mining industry.
Cybersecurity is not an add-on; it should be implemented through defense in depth – paramount to any digitalisation or cybersecurity strategy – meaning that security must be embedded at all levels. This includes hard technical controls, as well as softer policy and procedural controls. It must also extend to employee training and awareness, as it has repeatedly been shown that humans remain the weakest link in even the best-designed ecosystem. The World Economic Forum estimates that as much as 95% of cyber incidents are enabled through human error or human involvement. Even advances in AI-based attacks are expected to target humans through social-engineering mechanisms and bespoke malware, rather than through automated exploits that directly target machines.
At a minimum, organisations must:
- Gain a proper understanding of their unique risk landscape, especially considering the impact of cyber-related incidents on their operations and overall health and safety imperatives;
- Gain a comprehensive understanding of their digital landscape, particularly the convergence of IT and OT environments;
- Develop context-specific cybersecurity strategies tailored to their unique operational environment and needs;
- Conduct thorough cybersecurity risk assessments and implement appropriate risk mitigations;
- Implement robust cybersecurity measures and solutions, including continuous monitoring of cyber events and incidents;
- Place a strong emphasis on employee training and awareness at all levels, as this can provide the best “bang for your buck” in terms of risk reduction verses costs incurred; and
- Develop, regularly test and update cybersecurity incident response plans.
The Council for Scientific and Industrial Research (CSIR), in line with its National Cybersecurity Survey of 2024, recommends that the mining sector includes cybersecurity at every level of its digitalisation efforts. Technological advancements cannot be considered without placing an emphasis on security. Improvements in the mining sector’s cybersecurity posture can be achieved by instituting the following:
- Investment in cybersecurity: allocate sufficient investment in infrastructure, technologies, policies and procedures, as well as the development of a skilled cybersecurity workforce for the mining sector;
- Collaboration and public-private partnerships: encourage collaboration between the public and private sectors and engage in mutual discussion on cybersecurity challenges and solutions;
- Sector computer incident response teams): sector incident response teams can monitor, detect, respond to and assist in recovering from cyber incidents more effectively than individual companies acting alone. The sharing of threat intelligence and the establishment of incident response teams are critical in planning for the inevitable.
As planning for the 2027 Mining Indaba is already underway, modernisation and digitalisation of the mining sector will undoubtedly remain a central theme. It should. Modernisation is essential for competitiveness, sustainability, and safety. But digital transformation without cybersecurity is incomplete. It is modernisation with a blind spot.
If mining is to remain stable, secure and globally competitive, cybersecurity must move from the margins of the conversations to the centre. Only then can the sector truly claim to be committed to modernisation.
Billy Petzer is a cybersecurity specialist, an ECSA-registered professional engineer and Research Group Leader for Cybersecurity Systems in the Information and Cybersecurity Centre at the CSIR
At the 2026 Mining Indaba in Cape Town, the emphasis was on digitalisation and technological advancement of the industry. However, the industry recognises that cybersecurity can no longer continue to remain the unaddressed elephant in the room
