EY said the move to more technologically advanced mine operating systems had been good for productivity but suggested some networks and even workstations were openly accessible online, with gaps coming because of lax standards away from miners' head offices.
The fear of data intruders is not unreasonable.
According to EY data, 55% of energy and resources companies surveyed had "experienced a significant cybersecurity incident" in the 12 months to the September quarter of 2017.
While this isn't defined, examples include the Goldcorp (CN:G) data dump in 2016 and, more recently, hackers shutting down a Schneider automation system in an unnamed industrial plant (likely in Saudi Arabia, according to Reuters).
Operations are open to disruption because they are vulnerable.
"Critical operational technology systems, networks and workstations are excessively accessible from the corporate network (in the worst case, from the internet) due to network segregation gaps," the report said.
Obviously, EY pitches its own expertise in handling the problem.
"We estimate that mining companies are in fact lagging the rest of the energy sector by several years in how they protect operational technology," mining and metals cyber chief Michael Rundus said.
"If companies continue to take an ad hoc approach to cybersecurity, or act when it is too late to manage vulnerabilities, cyber risk could be the downfall of organisations' productivity gains and digital advancement aspirations."
The firm's survey said 48% of the 1,200 executives surveyed found were doubtful their company would even work out a "sophisticated" hack had happened.