A comprehensive review of cyber security and current practices in global mining critical infrastructure

The purpose of the study is to explore the reasons behind the low uptake of Information Security Management Standards (ISMS), Asset Management, and Business Continuity Plans despite increasing cyber threats to the mining sector. Mining companies need to modernize and automate to keep up with the ‘Fourth Industrial Revolution’, driven by disruptive technology, forcing systems and technologies to become more integrated, increasing cyber attack threats. To address this, we conducted a literature review analyzing the mining industry across various regions. The research is based on a qualitative analysis of diversified literature. The results highlighted factors behind the low uptake of ISMS standards: lack of regulatory requirements, low awareness of ISO/IEC 27001 standards, shortage of IT skills and expertise, lack of senior management engagement, and reliance on insurance to mitigate cyber threats. The results suggest mining companies are gradually realizing the potential consequences of cyber threats and are considering formulating a framework to protect the industry from cyber attacks.