Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Cyber response strategy
Following the cyber-attack detected in July 2024, the Group enhanced its cyber response strategy which was presented to the Audit
Committee, showcasing the Group’s defences against cyber threats. This strategy reflects a proactive approach to safeguarding our digital
infrastructure. Recognising the ever-evolving nature of cybersecurity challenges, our strategy incorporates robust measures to detect,
respond to, and where required disclose cyber incidents.
The Group's cybersecurity strategy and approach includes:
Mitigation of risks and vulnerabilities through performance of risk assessments to identify and assess potential cyber risks. The cyber
and IT risks are incorporated into the Group’s strategic risk register which forms part of the Group’s risk management process
Ensuring standards and compliance through development and implementation of comprehensive Information Security
Management System policies such as the Information and Communication Technology (ICT) Code of conduct, Information
security, Vulnerability, Backup and ICT disaster recovery policies, in alignment to international standards on ICT security
Responding to cybersecurity incidents through Intrusion detection and prevention by implementation of industry best practice
technologies to protect our network
Fostering a cyber awareness culture through conducting security awareness training by
continuously educating and creating awareness amongst users with an equal responsibility with respect to cybersecurity
Defense-in-depth security through regular backup of critical data and testing restoration
To protect against cyber threats, the Group employs various layers of security protection which include the human layer,
perimeter, network, endpoint, application and data security layers to protect mission critical assets
The Group follows a business impact assessment process (BIA) to ensure that ICT has visibility of business critical systems which are
supported by ICT
Cybersecurity response plan
The Group’s cybersecurity response plan is defined in three steps which include internal control, external reliance, and increased audit
frequency.
Cyber breach incident response and process
To assist with any cyber breach incidents Sibanye-Stillwater has engaged the services of an external consultant for an on-demand cyber
incident response service providing technical support and expertise when required. This external consultant is experienced in incident
investigation, response, containment and has access to world-leading incident response support. Sibanye-Stillwater has incorporated terms
and conditions around privacy, confidentiality, security, integrity and availability of information into the agreements of third parties. All third
parties are notified of their responsibility to report any security incidents to the Sibanye-Stillwater relationship manager. The relationship
manager will then follow the internal incident and response procedure.
The cyber breach internal response process comprises the following:
Assess and contain
Triage by performing an internal impact assessment and categorisation. Based on the severity and complexity, the external
contracted security company might be contacted
Contacting key individuals including but not limited to the CFO, VP Group ICT and management from the affected business area
head of department (HOD) and notifying the Group’s insurer
Core response process triggered through confirmation of alert level and incident categorisation
Core response
Incident management team oversee, communicate and engage support
Capture and analyse data using the contracted external security consultant
Assess materiality of the cyber breach and potential impact with limited stakeholders and disclosure counsel
If the breach is determined to be material an assessment is then escalated to an extended team
The extended team includes VP Group ICT, Manager ICT: Infrastructure, Unit Manager Security, Manager ICT: Information
Management, Senior Manager SOX Ethics and Policies, Compliance Manager, Manager Financial Reporting, Manager Risk and
Insurance, VP Protection Services, VP Investor Relations and other relevant party that can add value to the process to be
determined on a case by case basis
A disclosure assessment is performed using evaluation criteria in line with Sibanye-Stillwater's regulatory requirements. Relevant
disclosures are prepared as required
Review solution and remediation steps considering all potentially impacted areas
Contain/mitigate the threat by remediation through fully removing or closing the incident and confirming successful remediation
or recover if required
Close out and review
Close out and review the incident logged
For each incident being closed out, we consider whether the cybersecurity incident has materially affected or is reasonably likely
to materially affect the business strategy, operations, or financial condition and update the risk assessment and strategic register
as required
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Group's cybersecurity strategy and approach includes:
Mitigation of risks and vulnerabilities through performance of risk assessments to identify and assess potential cyber risks. The cyber
and IT risks are incorporated into the Group’s strategic risk register which forms part of the Group’s risk management process
Ensuring standards and compliance through development and implementation of comprehensive Information Security
Management System policies such as the Information and Communication Technology (ICT) Code of conduct, Information
security, Vulnerability, Backup and ICT disaster recovery policies, in alignment to international standards on ICT security
Responding to cybersecurity incidents through Intrusion detection and prevention by implementation of industry best practice
technologies to protect our network
Fostering a cyber awareness culture through conducting security awareness training by
continuously educating and creating awareness amongst users with an equal responsibility with respect to cybersecurity
Defense-in-depth security through regular backup of critical data and testing restoration
To protect against cyber threats, the Group employs various layers of security protection which include the human layer,
perimeter, network, endpoint, application and data security layers to protect mission critical assets
The Group follows a business impact assessment process (BIA) to ensure that ICT has visibility of business critical systems which are
supported by ICT
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board and Audit committee oversee the ICT governance in Sibanye-Stillwater. The Board and Audit Committee delegate responsibility
for the implementation of an ICT Governance framework to the Vice President Group ICT who is held accountable for the effectiveness of
the cybersecurity programme and strategy. The Audit committee is informed quarterly about any change in cybersecurity risks or upon
recognition of any material cybersecurity incident which may need to be reported.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board and Audit committee oversee the ICT governance in Sibanye-Stillwater. The Board and Audit Committee delegate responsibility
for the implementation of an ICT Governance framework to the Vice President Group ICT who is held accountable for the effectiveness of
the cybersecurity programme and strategy.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit committee is informed quarterly about any change in cybersecurity risks or upon
recognition of any material cybersecurity incident which may need to be reported.
Cybersecurity Risk Role of Management [Text Block] The Sibanye-Stillwater management team responsible for cybersecurity has extensive experience in all areas required to maintain an
effective and safe ICT landscape. ICT team members responsible continuously engage in seminars, security forums and security briefs to
ensure we remain up to date with industry developments. The VP group ICT reports the Cybersecurity strategy and posture directly to the
Audit Committee. Members of the ICT team have undergone formal training and certification of auditor on ISO27001:2013 with the 2022
version transition.
Management have created a cybersecurity strategy which involves leveraging several technologies, processes, skill sets, and risk mitigation
products to manage the cyber risk holistically. Preventative and detective security measures are in place to reduce the risk of an incident
occurring and causing business disruptions. Disaster recovery processes are in place and tested annually to ensure the continuity of business
systems.
Vulnerability assessments conducted by contracted specialised third parties provide Group ICT management with an independent view of
the capabilities to respond to an incident and whether the appropriate controls are in place to mitigate against offensive threats. Following
the assessment, the issues identified are tracked and remediated. Management then focuses on remediating the issues raised in the report.
The main focus is to ensure continuous improvement and preventing reoccurrence of the same incident in the environment. The results of
the independent assessments over the past financial periods have indicated a strong security posture.
Management reviews cyber risks in several forums as part of the Group ICT Risk Management process. Whilst the risk of a cybersecurity
incident event cannot be fully mitigated, Sibanye-Stillwater has taken further measures to receive technical, legal, and forensic support
should a significant incident occur.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Sibanye-Stillwater management team responsible for cybersecurity has extensive experience in all areas required to maintain an
effective and safe ICT landscape. ICT team members responsible continuously engage in seminars, security forums and security briefs to
ensure we remain up to date with industry developments. The VP group ICT reports the Cybersecurity strategy and posture directly to the
Audit Committee. Members of the ICT team have undergone formal training and certification of auditor on ISO27001:2013 with the 2022
version transition.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Sibanye-Stillwater management team responsible for cybersecurity has extensive experience in all areas required to maintain an
effective and safe ICT landscape. ICT team members responsible continuously engage in seminars, security forums and security briefs to
ensure we remain up to date with industry developments.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The VP group ICT reports the Cybersecurity strategy and posture directly to the Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true