Cyber Security

Woodside’s approach to cybersecurity remains multi-faceted and dynamic to reflect the changing cyber threat landscape.


Responding to widespread, sustained cyber attacks and preventing breaches requires vigilance, layered security controls and a cyber-aware mindset across Woodside.

We have built a strong internal cyber capability that aims to protect our people, assets, reputation and brand.

Our approach


Woodside's approach to Cyber Security remains multi-faceted and dynamic to reflect the changing cyber threat landscape and our expanding global operating footprint. Our cyber program includes focusing on protecting data and securely connecting Operational Technology while tightly managing, verifying and assuring vital systems. We have invested in strong internal cyber capability that aims to protect our people, assets, reputation and brand. We collaborate with peers, government and our partners to build and maintain the right culture, processes and technology.

Woodside's global response capability continues to develop and mature to provide appropriate response capability across all our assets. We prioritise the safety and security of our people, assets, reputation and brand in all of our locations.

Our performance


Woodside responded to an increase in cyber-related events in 2025. We reported two events to the Australian Cyber Security Centre (ACSC) in 2025, both of which were significant phishing campaigns directed at our IT environment.

The reports provided to the ACSC were voluntary and the events did not result in any material business impact.

Woodside complied with all Security of Critical Infrastructure (SoCI) commitments and formally submitted the required compliance attestation for all registered Australian assets via the Australian federal government portal.

Woodside maintains a watching brief on new legislation in the countries where we operate. As expected, we have seen increased government focus across all jurisdictions, with legislative obligations, on compliance to help prevent the loss or theft of personal and commercially sensitive information and on the emerging technology of artificial intelligence (AI).

Operational Technology Cyber Security Incident Response Team

The Operational Technology Cyber Security Incident Response Team (CSIRT) capability is based on Woodside’s mature Information Technology CSIRT model and continues to be extended with the intent of detecting and responding rapidly, effectively and consistently to cyber incidents across our Operational Technology environment. The Operational Technology CSIRT provided support to Australian asset turnaround activities to increase the security of our assets. In a cyber event, the CSIRT is given the same priority as the assets’ traditional emergency response capabilities.

Cyber awareness

Our company-wide cyber education and awareness continued to be expanded in 2025. Mandatory training for all Woodside personnel was refreshed and aligned to current threats, risks and best practices. Targeted role-based training builds the competency of Information Technology Administrators responsible for working in our digital ecosystem. Tailored threat-based briefings were delivered to senior leaders, executives and directors, giving context to current cyber threats and the protective controls enabled across the environment. We periodically perform cyber incident simulation activities, focused on both technical capabilities and business process. In 2025, Woodside participated in two national, sector-wide cyber simulations facilitated by the Australian Energy Market Operator (AEMO) and the Department of Home Affairs.

Woodside promotes a culture of reporting which is a key pillar in building awareness of cyber risk and incident mitigation. Regular phishing simulations are issued company-wide to raise awareness of malicious messages and the value of early reporting. The Cyber Security team have dedicated roles that enable facilitation and communication across the business to respond to queries about any type of potential cyber threat.

Organisation-wide events for Cyber Security Awareness Month in October highlighted emerging digital threats and promoted key cyber practices our workforce could take into their personal digital lives to uplift security.

Woodside's Audit & Risk Committee of the Board has oversight of Cyber Security matters including evolving risk and business considerations.
