At CIM we take cybersecurity very seriously and recently underwent a cybersecurity assessment to identify possible risks. Subsequently we made improvements to fortify our IT infrastructure and systems. However, in October CIM members were informed that the third-party-hosted RFG2018 abstract submission database had been compromised by unauthorized users to obtain email addresses, usernames and passwords. Even though CIM’s systems were not affected, some member email addresses and passwords were made available publicly. CIM staff worked quickly to contain the situation and limit further repercussions.

This event and other recent attacks on our mining sector stakeholders remind us of our vulnerability. Today, in an age where almost everything is online, digital and “smart,” the threat of a cyber attack is real and imminent. A recent study from EY found that 87 per cent of Canadian organizations have suffered at least one successful cyber breach. Nearly half (46 per cent) feel a future cyber attack is possible. Unfortunately, it is almost impossible for companies to completely eliminate cybersecurity risks. The way to manage the risk is to be prepared and be responsive, by improving controls and processes to identify, protect, detect, respond and recover from attacks. 

Related: With more mines being connected, how are they being protected?


As our sector continues to transition to full digitalization and autonomy, and the implementation of AI and machine learning become more widespread, the risk of cyber attack will only increase. In fact, the EY report revealed that last year 55 per cent of mining companies experienced at least one significant cybersecurity breach.

It is critically important to routinely assess cybersecurity risks, no matter the size of your organization or the nature of the business. Actually, cybersecurity breaches tend to be more prevalent in small organizations with less sophisticated cybersecurity practices. While larger companies are often more susceptible through links with their smaller partners. When managing cybersecurity risk, it is important to examine all possible attack vectors and this includes third-party vendors.

According to the 2017 Cybercrime report, by 2021 the global cost of cybersecurity breaches is expected to reach US$6 trillion, double the total for 2015. Cyber risks are business risks that can result in significant financial, operational and reputational damage. As a sector, we need to quickly learn, respond and adapt to this constantly evolving digital world.