Page 42 - Annual Report 2020
1.5.4 Risk management continued
Cybersecurity
Cyber-related risk events, including attacks on our enterprise or incidents relating to human error, online and web-based operations
and infrastructure.
Why is this important to BHP?
Many of our business and operational processes are supported by and dependent on technology. As automation and the speed of technological
innovation continue to increase, our dependence on technology is likely to grow. We are moving towards an increased reliance on autonomous
systems for haulage and drilling. Throughout our operations, we have substantial integration between our information technology and operating
technology systems. All such systems may be subjected to cyber events or attacks and these can have significant impacts, including on our business
and stakeholders.
Threats
Cyber events or attacks may lead to:
• operational or commercial disruption (such as the inability to process or ship resources)
• corruption or loss of system data
• a misappropriation or loss of funds
• unintended disclosure of commercial or personal information
• health and safety incidents, including fatalities (where cyber events or attacks cause system error or malfunction, which result in operational incidents)
• environmental damage (for example, a cybersecurity breach of operational systems controlling pumps and valves resulting in material being released into the environment)
• a hampered ability to respond appropriately to unrelated incidents
• regulatory fines and compensation to people impacted
• loss of licences, permits or necessary approvals to operate assets
• reputational damage
Management
We employ a number of measures designed to protect against, detect and respond to cyber events or attacks, including:
• BHP’s standards on technology and cybersecurity, communications and external engagement
• cybersecurity strategy and resilience programs
• enterprise security framework and cybersecurity standards
• cybersecurity awareness plan and training
• security assessments and monitoring
• restricted physical access to critical centres, servers and network equipment
• incident response and crisis management plans
FY2020 insights
There were no identified cybersecurity breaches to the Group’s technology environment during FY2020 despite an increase in attempted
cyberattacks during the COVID-19 pandemic. The Group’s exposure to cybersecurity-related risk events increased in FY2020 and is expected to
increase further, primarily due to our growing reliance on technology and the increasing sophistication and frequency of external cyberattacks.