XML 221 R46.htm IDEA: XBRL DOCUMENT v3.25.2
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Jun. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

Sasol considers cybersecurity as a top risk and has strong governance and assurance management processes in place to provide oversight over the following:

Identification and understanding of the risk;
Implementation of preventative and corrective controls;
Execution and monitoring of mitigating controls;
Governance, assurance, and reporting of the process’s efficacy; and
Analysis and improvement of the overall process maturity.  

To further support this, our governance uses multiple levels of assurance by segregated parties, starting with the (i) level 1 & 2 risk perspective which focuses on assurance activities performed by employees and management within the function, (ii) level 3 performed by independent internal audit function, (iii) level 4 which is done by external independent assurance providers and finally (iv) level 5 which is completed by the GEC and the board of directors. In addition, several penetration, red-teaming, and simulation exercises are performed annually.

Refer to “Item 3.D. Risks related to information technology” on cybersecurity risks

In terms of framework, we align with the NIST CSF framework and have a well-defined Incident response plan that is tested and improved quarterly. We make use of threat intelligence, penetration testing, red-teaming, third party risk management and vulnerability management to reduce our attack surface in addition to several mechanisms for detecting and responding to anomalies. We have a team of in-house and external cybersecurity experts to detect, protect, respond and remediate cyber threats. The Chief Information Officer (CIO) and Head of Cybersecurity are responsible for reporting to the GEC and the audit committee through the Information Management executive committee on the prevention, detection,

mitigation and remediation of all threats and cybersecurity incidents.

Sasol has not experienced a cybersecurity incident that had a material impact on our business strategy, operations, or financial reporting in the last financial year. Despite this, we are cognisant of the fact that cyber-attacks are increasing in volume and sophistication and we continuously strive to improve our cyber security posture.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

Sasol considers cybersecurity as a top risk and has strong governance and assurance management processes in place to provide oversight over the following:

Identification and understanding of the risk;
Implementation of preventative and corrective controls;
Execution and monitoring of mitigating controls;
Governance, assurance, and reporting of the process’s efficacy; and
Analysis and improvement of the overall process maturity.  

To further support this, our governance uses multiple levels of assurance by segregated parties, starting with the (i) level 1 & 2 risk perspective which focuses on assurance activities performed by employees and management within the function, (ii) level 3 performed by independent internal audit function, (iii) level 4 which is done by external independent assurance providers and finally (iv) level 5 which is completed by the GEC and the board of directors. In addition, several penetration, red-teaming, and simulation exercises are performed annually.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Sasol has not experienced a cybersecurity incident that had a material impact on our business strategy, operations, or financial reporting in the last financial year. Despite this, we are cognisant of the fact that cyber-attacks are increasing in volume and sophistication and we continuously strive to improve our cyber security posture.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

The Information Management and Digital functions report to the Audit Committee, which is a sub-committee of the board of directors of Sasol Limited. The Audit Committee oversees the main cybersecurity risk for Sasol. A member of board of directors with relevant IT experience oversees the effectiveness of the cyber security strategy, major projects, security incidents and controls. There is a process through the Sasol GEC to inform the board of directors/Audit Committee members of potential cyber threats, potential incidents and incidents on a quarterly basis.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee oversees the main cybersecurity risk for Sasol.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Information Management and Digital functions report to the Audit Committee, which is a sub-committee of the board of directors of Sasol Limited.
Cybersecurity Risk Role of Management [Text Block] The Chief Information Officer (CIO) and Head of Cybersecurity are responsible for reporting to the GEC and the audit committee through the Information Management executive committee on the prevention, detection, mitigation and remediation of all threats and cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Chief Information Officer (CIO) and Head of Cybersecurity
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The member of the board of directors responsible for Information Management is Executive Vice President Commercial and Legal, who is supported by the Group’s appropriately experienced CIO who has a BCom information systems and MBA with more than 20 years’ experience in IT leadership, and 32 years Sasol working experience, and Head of Cyber Security with a qualification in computer science and 28 years’ experience in IT in various disciplines.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true