Thiess Strengthens Global Cybersecurity with CrowdStrike

Thiess, a global mining services provider, operates some of the most advanced autonomous mining environments across Australia, Asia, and the Americas. With 12,000+ employees, a regionally-led operating model, and high-value OT systems running 24/7, the company faces cybersecurity stakes measured in both safety and production uptime.

A 2022 independent security audit outlined 13 critical initiatives needed to achieve the level of visibility, resilience, and global coverage required to protect both IT and OT operations.

“We operate in critical infrastructure sectors where cyber threats could impact safety, environmental stewardship, and operational continuity,” said Pete Leemeijer, Manager, Cyber Security & Governance for Thiess. “Addressing the auditor’s recommendations became our immediate priority.”

That mandate set Thiess on a path to transform its security model with a single, unified platform. The company chose CrowdStrike as its foundation.

To meet its audit requirements using legacy systems, Thiess would have needed to build a large internal SOC. Instead, the company deployed CrowdStrike Falcon® Complete Next-Gen MDR, which provides always-on monitoring, detection, response, and remediation delivered by CrowdStrike experts.

“CrowdStrike stood out with its cloud-native platform, AI-driven analytics, and expert response team, which delivered exceptional visibility and swift mitigation that other vendors didn’t provide,” said Leemeijer.

Deployment across Thiess’ global fleet took just six weeks. The business realized $2.5 million in first- and second-year savings, driven by decommissioning its outsourced SOC and moving from Microsoft E5 to E3 licensing. This also contributed to the company’s cyber insurance premiums continuing to decline year on year from 2023 to 2025.

Thiess had allocated funding to complete all 13 audit recommendations over three years. It achieved full compliance in just 18 months.

Falcon Complete Next-Gen MDR enabled Thiess to consolidate, operationalize, and automate its security operations at massive scale, despite operating autonomous mining sites with no onsite staff and closed OT ecosystems that cannot run traditional security tools. Alerts dropped from 4-5 per day to just one per month, while response times shrank from days to minutes.

“99% of alerts we saw were activities already remediated by CrowdStrike,” said Leemeijer. “CrowdStrike’s response time was within 10 minutes, and resolution usually happened within 30-60 minutes. The alerts we received were typically a post-mortem explaining the actions taken, along with any recommended follow-up.”

Even as Thiess acquired two additional businesses (PYBAR and MACA), the company didn’t need to increase security headcount. Each acquisition’s security transition was completed in under a week.

“CrowdStrike is a service that scales,” said Leemeijer. “For our acquisition security transition costs, it’s purely a licensing component … there is no consultancy component or resource component to do transformation.”

With the unified Falcon platform in place and a focused inhouse team, Thiess expanded its protections across data, identity, cloud, and exposure management.

Thiess deployed CrowdStrike Falcon® Data Protection to prevent data leakage, block unauthorized USB activity, and enforce controls on the use of sensitive information in external AI services. CrowdStrike has since prevented both intentional exfiltration attempts and the inadvertent sharing of internal information with public GenAI tools.

CrowdStrike Falcon® Cloud Security and CrowdStrike Falcon® Exposure Management extended the Falcon platform’s controls into the company’s Azure environment, giving Thiess a unified view of vulnerabilities, misconfigurations, and cloud security posture.

“A lot of these cloud platforms had been run up over the years,” said Leemeijer. “Now we know how well secured they are, and we can advise our Cloud team on the fundamental changes we need in the Azure space.”

With CrowdStrike Falcon® Identity Protection, Thiess utilises CrowdStrike to continuously monitor and remediate identity threats. This was an especially critical capability after moving away from Microsoft E5.

“With any identity alerts raised by our previous environment, we had to take action ourselves,” said Leemeijer. “CrowdStrike filled that gap perfectly, ensuring we didn’t compromise on security despite our Microsoft licensing changes.”

Finally, to protect its autonomous mining systems, Thiess configured Falcon Complete to apply more aggressive containment policies on servers and workstations linked to OT environments. This ensures earlier lockdown of services during investigations to prevent lateral movement into critical autonomous fleet operations.

Thiess is a leader in autonomous mining services, and is now applying the same principles of scale, efficiency, and automation to cybersecurity.

CrowdStrike has equipped Thiess with the visibility, AI-driven protections, and automation needed to support a small team securing a globally distributed and rapidly expanding business.

“CrowdStrike has introduced greater efficiencies and productivity not just for the security team, but for the broader IT group as well,” concluded Leemeijer. “We no longer have to talk about our security core and how safe we are. Now we’re looking forward to where CrowdStrike is going with AI and introducing even better autonomous protective controls.”