Abstract
Companies in the mining industry, like many other companies, have progressively embraced advanced information technology “IT” to enhance productivity and streamline processes. This digital transformation, however, has simultaneously rendered these mining companies prime targets for cyberattacks and IT challenges. The industry's dependence on interconnected systems and vast volumes of data underscores the necessity for robust IT governance and cybersecurity measures to safeguard against potential disruptions and financial losses. Thus, it is imperative for these companies to identify and address their IT vulnerabilities in security and governance to protect their assets and safeguard stakeholders' interests.
This identification and mitigation of IT weaknesses are integral aspects of corporate governance. Within the South African context, Johannesburg Stock Exchange “JSE”-listed companies are mandated to comply with the King IV Code, which is regarded as best practice. This includes adherence to the disclosure requirements specified in Principle 12 of the King IV Code.
This study sought to investigate whether JSE-listed mining companies comply with the disclosure requirements of Principle 12 of King IV, which is crucial for mitigating potential IT risks and cyberattacks. To achieve the research objective, an empirical study employing a qualitative method through documentary analysis was conducted.
Findings from the empirical study indicate that most mining companies are cognisant of the disclosure requirements of King IV Principle 12. However, the analysis revealed that certain companies still require improvement, as some disclosure requirements were not met. This suggests a potential lack of comprehensive disclosures of King IV’s compliance obligations. Notably, the analysis observed an improvement in disclosure compliance from the year 2022 to 2023. Furthermore, the study found that the evolution of technology has fundamentally transformed operational practices, leading to enhanced efficiencies, thus necessitating more sophisticated risk management strategies and an increased emphasis on robust cybersecurity measures.