Cybersecurity

Woodside’s approach to cybersecurity remains multi-faceted and dynamic to reflect the changing cyber threat landscape.

IMPORTANT TOPIC

Responding to widespread, sustained cyber attacks and preventing breaches requires vigilance, layered security controls and a cyber aware mindset across Woodside

We have built a strong internal cyber capability that aims to protect our people, assets, reputation and brand.

Our approach1

Woodside’s approach to cybersecurity remains multi-faceted and dynamic to reflect the changing cyber threat landscape. Our cyber program includes focusing on protecting data and securely connecting Operational Technology while tightly managing, verifying and assuring vital systems. We have invested in strong internal cyber capability that aims to protect our people, assets, reputation and brand. We collaborate with peers, government and our partners to build and maintain the right culture, processes and technology.

Woodside’s global response capability continues to develop and mature to provide appropriate response capability across all our assets. We prioritise the safety and security of our people, assets, reputation and brand in all of our locations.

view larger image
view larger image view larger image
view larger image

Our performance2

Woodside responded to an increase in cyber related events in 2024. We reported eight3 events to the Australian Cyber Security Centre (ACSC) in 2024, including a zero day vulnerability related to our firewall provider and four significant phishing campaigns.

The reports provided to the ACSC were voluntary and the events did not result in any material business impact.

Woodside complied with all Security of Critical Infrastructure (SoCI) commitments and formally submitted the required compliance attestation for all registered Australian assets via the Australian federal government portal.

Woodside maintains a watching brief on new legislation in the countries where we operate. We have seen, as expected, an increased government focus with legislative obligations on compliance to help prevent the loss or theft of personal and commercially sensitive information across all jurisdictions.

Operational Technology Cyber Security Incident Response Team

The Operational Technology Cyber Security Incident Response Team (CSIRT) capability is based on Woodside’s mature Information Technology CSIRT model and continues to be extended with the intent to be able to detect and respond rapidly, effectively and consistently to cyber incidents across our Operational Technology environment. The Operational CSIRT provided support to Australian asset turnaround activities, to increase the security of our assets. The CSIRT are given the same priority as the assets’ traditional emergency response capabilities in the event of a cyber event.

Cyber awareness

Our company wide cyber education and awareness continued to be expanded in 2024. Mandatory training for all Woodside personnel was refreshed and aligned to current threats, risks and best practices. Targeted role based training builds the competency of Information Technology Administrators responsible for working in our digital ecosystem. Tailored threat based briefings were delivered to senior leaders, executives and directors that gave context to current cyber threats and protective controls enabled across the environment. We periodically perform cyber incident simulation activities, focused on both technical capabilities and business process.

Organisation wide events for Cybersecurity Awareness Month in October highlighted emerging digital threats and promoted key cyber practices our workforce could take into their personal digital lives to uplift security.

Woodside’s Audit & Risk Committee of the Board has oversight of cybersecurity matters including evolving risk and business considerations.

Footnotes

    Footnotes

      Sustainability links

      Click the links below to navigate through to more sustainability pages.

      Sustainability Strategy and Plan
      Sustainability governance
      Materiality for sustainability topics
      United Nations Sustainable Development Goals
      Environment
      Social
      Governance
      Sustainability Databook
      Last updated: 13/02/2025 2:06:06 PM