Page 42 - Annual Report 2020

1.5.4 Risk management continued

           Cybersecurity
           Cyber-related risk events, including attacks on our enterprise or incidents relating to human error, online and web-based operations
           and infrastructure.

           Why is this important to BHP?
           Many of our business and operational processes are supported by and dependent on technology. As automation and the speed of technological
           innovation continue to increase, our dependence on technology is likely to grow. We are moving towards an increased reliance on autonomous
           systems for haulage and drilling. Throughout our operations, we have substantial integration between our information technology and operating
           technology systems. All such systems may be subjected to cyber events or attacks and these can have significant impacts, including on our business
           and stakeholders.
           Threats
           Cyber events or attacks may lead to:
           •  operational or commercial disruption (such as the inability to process or ship resources)
           •  corruption or loss of system data
           •  a misappropriation or loss of funds
           •  unintended disclosure of commercial or personal information
           •  health and safety incidents, including fatalities (where cyber events or attacks cause system error or malfunction, which result in
            operational incidents)
           •  environmental damage (for example, a cybersecurity breach of operational systems controlling pumps and valves resulting in material
            being released into the environment)
           •  a hampered ability to respond appropriately to unrelated incidents
           •  regulatory fines and compensation to people impacted
           •  loss of licences, permits or necessary approvals to operate assets
           •  reputational damage
           Management
           We employ a number of measures designed to protect against, detect and respond to cyber events or attacks, including:
           •  BHP’s standards on technology and cybersecurity, communications and external engagement
           •  cybersecurity strategy and resilience programs
           •  enterprise security framework and cybersecurity standards
           •  cybersecurity awareness plan and training
           •  security assessments and monitoring
           •  restricted physical access to critical centres, servers and network equipment
           •  incident response and crisis management plans

           FY2020 insights
           There were no identified cybersecurity breaches to the Group’s technology environment during FY2020 despite an increase in attempted
           cyberattacks during the COVID-19 pandemic. The Group’s exposure to cybersecurity-related risk events increased in FY2020 and is expected to
           increase further, primarily due to our growing reliance on technology and the increasing sophistication and frequency of external cyberattacks.