As mines undergo digital transformations, cybersecurity risks overlap significantly with safety.
In the mining sector, safety is the core culture. Yet because its risks are less visible than the physical risks of a mineshaft, cybersecurity has been left behind. Treating physical safety as a higher priority than digital safety is a damaging mistake.
The culture of safety in mining is long‑established, built upon tragedies like the November 20, 1968 Farmington No. 9 coal‑mine explosion, which killed 78 miners and triggered sweeping U.S. legislation including the 1969 Coal Mine Health and Safety Act and the creation of MSHA.
Today, safety remains a core priority across the sector. Cybersecurity, on the other hand, trails far behind — but its risks are no less severe: recent Claroty survey data indicates that 26% of cyber incidents in mining resulted in production shutdowns, 30% led to loss of customer or partner relationships, and 28% implicated public safety.
When surveyed about the financial toll of cyberattacks, nearly 70% of respondents indicated their organizations had incurred losses exceeding $100,000 and more than 30% reported damages surpassing $1 million. The most frequently cited cost drivers behind these losses included legal expenses, lost revenue, and regulatory penalties. The data underscores the substantial financial burden that recurring cyber threats impose on the sector. And yet, cybersecurity lags behind.
A cyberattack that interrupts OT or automation systems can halt operations altogether, accumulating multi‑million‑dollar losses per day, exposing environmental compliance failures, and damaging reputation. And yet, cybersecurity still receives significantly less strategic and regulatory attention than physical-site safety.
A 2025 report by EY demonstrates this unfortunate trend. Researchers found that cybersecurity has dropped out of the top 10 risks of mining and metals companies. But the reason is more startling than the statistics. Cybersecurity didn’t make the list because it’s now considered business as usual. But this story isn’t complete. The cyberattack trends paint a different picture, and it doesn’t add up. According to MM-ISAC’s (Metal and Mining — Information Sharing Analysis Centre) 2024 report, there has been a 200% increase in cyber incidents impacting the mining and metals sector in Canada.
Those in cyber who are dedicated to securing mines have no interest in overturning the emphasis on physical safety. In fact, as safety-focused practitioners, they endorse it. But there’s no doubt, as mines leverage the latest technologies and radically digitalize operations to stay ahead, cybersecurity and safety are on the table. Not only that, but they’re a permanent fixture.
The importance of mining to Canada
Mining is critical to Canada’s economy. The mining industry contributes $24B to provincial GDP in Ontario and 694,000 jobs nationwide. Mining accounts for ~5% of Canada’s GDP and is one of the assets that will unleash Canada’s economic potential. Unbeknownst to most Canadians, Canada is home to 200 active mines, most spread between Ontario, Quebec, and British Columbia. The top five commodities — gold, potash, coal, iron ore concentrates, and copper — comprise over two-thirds of the sector’s total value.
Critical minerals, essential to modern technology, clean energy, and national security, have also been under the spotlight due to the recent geopolitical climate. Canada is recognized as having one of the world’s most important reserves of these critical minerals, and as emphasized by Canada’s Critical Minerals Strategy, they will play a significant role in the country’s future prosperity.
As the Canadian mining sector establishes its place on the global stage, it will entice cybercriminals and nation-state actors. Cybercriminals are profit-driven and will target organizations with the ability to pay a ransom. Additionally, nation-state actors are driven by political interests and will target industries of strategic importance. Mining is in the crossfire.
What are the key cyber threats?
- Human-driven threats
  - Phishing and social engineering. Threat actors (including cybercriminals and nation-state actors) leverage publicly available information to exploit mining company employees.
  - Insider threats. Disgruntled employees or those who may be bribed may steal sensitive information or install malicious software on behalf of threat actors.
- System & supply chain vulnerabilities
  - Supply chain risks. Mining companies deploy a wide array of technologies, and a cybersecurity incident affecting the service provider may impact the mining company.
  - Legacy OT systems. Operational technology deployed at mine sites was not designed with security considerations in mind and presents a considerable risk if connected to IT systems.
  - Remote access exploits. An increase in the number of monitoring and control systems that allow remote access opens up the attack surface for threat actors to exploit.
- Attack types
  - Ransomware. The deployment of malicious software to disrupt an organization’s operations threatens the continuation of business and causes financial and reputational impacts.
  - Industrial espionage. The theft of geological exploration data and corporate strategic data may result in loss of potential earnings and investor confidence.
- Gaps in design, training and awareness
  - Engineering oversights in security-by-design. Operational technologies focus on maintaining high levels of uptime, longevity, and efficiency. Security is often an afterthought.
  - Gaps in understanding among general managers at the site level. Cybersecurity is viewed as the responsibility of IT professionals and is often seen as a cost to the business.
Cyber risk in mining isn’t abstract; it’s operational and human. As mines continue to adopt smart systems, remote operations, and complex digital infrastructure, the attack surface grows, and so does the potential for real-world harm. Just as we wouldn’t send workers underground without ventilation checks or haul trucks without brake inspections, we can’t afford to treat cybersecurity as optional. It must be embedded into the same systems, protocols, and leadership culture governing physical safety. Because in modern mining, securing people’s safety means securing critical systems.
Cyber threats look a lot like safety hazards
In mining, the impacts of compromised safety are dire. Operational Technology (OT) cyberattacks can tamper with automated machinery, haul trucks, or drilling systems, leading to malfunctions that put workers at high risk. If ventilation systems are disabled in underground mines, it can lead to catastrophic incidents as gas builds up and the risk of an explosion increases.
In mining, safety isn’t an annual repeat PowerPoint presentation at an all-staff meeting. It’s critical to daily operations and human lives. Safety is deeply embedded in the culture — in daily briefings, capital planning, and the leadership mindset. It’s non-negotiable.
By contrast, cybersecurity is still often categorized as an ‘admin’ expense despite its far-reaching impact on operations and overall sustaining costs. Many security initiatives are underfunded as cyber risks are underreported, and teams struggle to justify the ROI.
Cybersecurity is safety. And this is where the shift in thinking needs to happen.
The parallels are striking:
Safety incident | Cybersecurity incident |
---|---|
Can cause operational shutdown | Can halt production systems |
Impacts worker health & safety | Can affect autonomous haulage, ventilation, etc. |
Attracts regulatory scrutiny | Can trigger privacy enforcement |
Damages trust with workers and the public | Damages trust with investors and partners |
Often avoidable with training and protocols | Often avoidable with awareness and governance |
Safety is tangible in cybersecurity because it’s a human issue. Education is the first step, starting with employee training and awareness programs. Cybersecurity training must extend beyond IT — reaching all corners of the organization. Through remote field education, mining employees from industrial facilities to administrative offices must all have a strong and ongoing cyber education to reduce the chance or impact of a major incident. The cost of inaction is too high.
A real-life cyber incident
In December 2022, a ransomware attack forced Copper Mountain Mining Corporation to shut down its mill in British Columbia. Production halted for nearly a week. The incident wiped 5.5% off the company’s share value overnight and exposed just how vulnerable modern mining operations can be to cyberattacks.
This was not an isolated event. Mining companies across the globe — from South Africa to Australia — have experienced breaches that damaged systems, delayed production, and triggered costly recovery efforts. In many cases, the attacks exploited legacy equipment, weak remote access controls, or a lack of segmented networks.
Sometimes, a three-week disruption extends to months due to recommissioning delays. The financial implications are steep and, for junior firms, they are crushing.
Mining uses more tech than many realize
There’s a lingering perception in some corners that mining is slow to adopt new technology. That’s far from the truth. Canada’s mines are filled with high-precision, high-stakes tech: autonomous vehicles, smart sensors, OT and ICS systems, machine learning models, 5G connectivity, and remote operations centers. This complexity highlights why cybersecurity plays a critical role in securing the networks and systems that enable these mines’ operations.
But cybersecurity maturity is uneven. Some companies have recognized this priority and have invested heavily in cybersecurity programs. However, there is still disparity across the different mine sites and operations, as these large organizations still struggle with governance across their enterprise. Meanwhile, other juniors and smaller service providers lack even baseline controls. This fragmentation creates significant systemic risk.
So what’s the solution?
Cybersecurity needs to borrow from the safety playbook and create a culture of cyber resilience.
Building a culture of cyber resilience
What can the mining industry do, particularly leaders of small and mid-sized enterprises, or government partners working on sector strategy?
Start with mindset. Cybersecurity must be seen not just as compliance, but as core to safety, productivity, and reputation. Like with safety, culture change starts with leadership and is reinforced through clear protocols, investment, training, and accountability.
Key elements include:
- Leadership-driven safety mindset for cyber
  - Frame cybersecurity as an essential enabler of physical safety and production uptime.
  - Consider explicit cyber–safety objectives, link them to bonuses, and review them alongside lost-time injury metrics.
- Defence-in-depth across converged IT/OT networks
  - Physically and logically segment business IT, process control, and safety instrumented systems.
  - Apply guardrails in access, authentication, and controls to any traffic that must flow between zones, including remote access for Original Equipment Manufacturers (OEMs) and contractors.
- Standards-aligned response & recovery playbooks
  - Maintain incident response, business continuity, and disaster recovery plans mapped to international industry standards.
  - Test them through tabletop drills involving executives, control-room operators, and third-party support teams.
- Rigorous supply-chain and vendor risk governance
  - Screen third-party providers for security to minimize the vulnerabilities they introduce into the mining supply chain.
  - Track software bills of materials (SBOMs) and require vendors to demonstrate adherence to cybersecurity standards.
- Continuous assurance & improvement loop
  - Schedule quarterly vulnerability assessments and annual third-party audits covering both IT and OT assets.
  - Record findings in a register to understand common trends, track remediation through to closure, and cross-reference and share them for future prevention.
- Workforce & contractor cyber competence
  - Deliver tiered cybersecurity awareness training (board, supervisor, frontline).
  - Implement cyber awareness and training modules for all contractors during orientation, and introduce stricter processes, including automatic removal of access at project closeout.
- Industry-wide threat intelligence & knowledge sharing
  - Contribute anonymized incident data to sector ISACs or national cybersecurity initiatives to help paint a picture of the full scope of cyber incidents in the sector, so governments and industries can be aware.
  - Use shared lessons learned to update safety playbooks and improve responses.
Enabling safety and prosperity
Over decades, Canadian miners turned some of the world’s most hazardous worksites into benchmarks of industrial safety. That leap forward happened because every regulator, operator, and equipment maker treated safety as a non-negotiable condition for production. The modern mine relies heavily on technology, and that technology must be secured to enable a safe operating environment.
Long gone are the days when we could point our finger in a different direction and resolutely claim that cyberattacks happen to other industries or to different types of (perhaps more vulnerable) people. Cyber awareness is simply part of life. Just like the routine acts of mopping a spill on the floor so that someone doesn’t trip or holding the base of a ladder, cyber practices and education are a fact of life if the mining industry is to progress and keep its people safe.
As a prominent leader in clean technology, critical minerals, and global exports, the mining industry has both an opportunity and a responsibility to show the way. With safe practices, the growth potential is boundless.