As the world becomes more technologically advanced and interconnected, the security risks in the cyberspace are more apparent and ever increasing. Cybersecurity is a critical priority for businesses in all sectors. The mining industry is particularly vulnerable to cyber threats and attacks, due to the high degree of digitisation, interconnection and automation in the supply chain.

Ma'aden, as one of the fastest-growing mining companies in the world, regards cybersecurity as a key priority that needs careful and constant consideration. This is because a cyber breach could compromise Ma’aden’s digital infrastructure, industrial control systems and fundamentally its ability to do business.

Internal Processes

To address the latent risks, Ma’aden adheres to the highest international standards, global best practices and risk assessment levels, and has developed and implemented strict internal procedures to enhance cybersecurity, in all facets of the business. Ma’aden regulates and controls its systems through 24/7 monitoring managed by artificial intelligence to act and responds to anything suspicious, whether in relation to information systems, networks, or industrial control systems, which are responsible for managing manufacturing and mining processes in the company's factories.

Importance of training

It only takes one computer, infected with malware, for a whole system to become immobilised. This is why Ma’aden views its employees as the first line of defence against cybersecurity threats. Continuous training and development programs, which include an assessment component, are available for all Ma’aden staff, to help engrain in the corporate culture a high level of awareness and responsiveness to the potential cyber- threats that the business could be subjected to. Ma’aden is also making strategic hires in the cybersecurity space, and investing in their development, to enhance our capabilities.

Collective responsibility

However, as cyber-attacks rarely effect one single entity, this is a risk that cannot only be addressed simply at a company level. Attackers search for systemic weaknesses to exploit. There is a strong likelihood that cyber-attackers could target Ma’aden’s suppliers, to be able to gain access to the digital infrastructure. That is why we work closely and in partnership with suppliers and service providers to share the role of ensuring collective cybersecurity.

In fact, Ma’aden seeks to cooperate and collaborate with all relevant stakeholders, to raise cyber-safety standards and mitigate risk. We are building partnerships with counterparts in the industrial sector, both locally and internationally, and with leading cybersecurity and government agencies, notably the National Cybersecurity Authority in Saudi Arabia, to pool experience, share knowledge, and to mutually bolster our protection against cybercrime.

A new alliance

Ma'aden is also a founding member of Saudi Arabia’s Energy Industry Cybersecurity Intelligence-Sharing Consortium. The alliance includes a wide range of energy and mining companies, for whom cybersecurity is an important consideration, such as SABIC, Sadara, TASNEE Co. and Saudi Electricity Company. The objective of the Consortium is to establish a Threat Intelligence Sharing Platform to collate information to enable its members to identify, assess, monitor and respond to cyber-threats more effectively. Members can leverage the resources and risk management techniques to enhance the speed and efficiency of their response.

Cybersecurity is key priority for Ma’aden, and we seek to continue to improve our capabilities, in partnership with others. Together, we must remain vigilant.