Skip to content

Cyberthreats in Construction

Incidents involving ransomware and other types of malware have reached epidemic proportions over the past few years, and the construction industry has absorbed more than its share of the damage. A recent study by Safety Detectives found that construction was the third-most targeted industry in North America in 2021, with 13.2 percent of all attacks.

There are a number of reasons for this, beginning with the fact that many construction organizations are easy targets for hackers. An IBM study noted that nearly three-quarters of construction-related companies are unprepared for a cyberattack, with no incident response plan in place.

Estimates vary widely as to the cost of a ransomware attack, but most agree that the ransom payment is only a small part of the total damage. Lost revenue from halted business operations, reputational damage, and even fines or litigation can all be parts of recovering from an attack.

While there are exceptions, the construction industry as a whole has typically lagged somewhat in its adoption of technology, including cyber defenses. Company leaders may have the attitude that the physical nature of construction makes a firm less vulnerable to attack, but that’s not the case. If you communicate electronically with customers, suppliers or financial institutions – and you do – you’re a potential target.

Although the construction business may have fewer people sitting at computers relative to other industries, worksite technology increasing relies on the Internet of Things (IoT), from asset tracking systems to on-site security. Updates and patches for these devices and systems are often neglected, making them ripe targets for cyber criminals.

Finally, many business owners in construction and elsewhere have a “we’re too small for hackers to care about” mindset, and nothing could be further from the truth. Thieves like easy targets, and smaller businesses are likely to have softer defenses, which is why the small-business sector as a whole has seen a huge spike in ransomware attacks.

There are no foolproof solutions, but the goal is to make a cyber intrusion of your business as difficult as possible, and that begins with a commitment from leadership to prioritize cyber defense. Here are a few suggestions to support that commitment.

Train the team. Many cyber breaches happen when an employee inadvertently clicks a malicious link in an email, or is otherwise fooled by hackers. The best defense against this is a well-trained workforce. Educate employees to recognize phishing attempts and other potential cyberattacks, and do so on an ongoing basis.

Look at the supply chain. Your suppliers and other external organizations are both a potential source of threats and a liability exposure should your own organization be hacked. Enlist an IT professional’s help in assessing your means of communicating with third-party stakeholders.

Plan for the worst. Every organization needs an incident response plan in case an attack happens despite your best efforts. This plan should spell out exactly what will happen in the event of a breach, and who’s responsible for each action item associated with recovery. This will help to minimize the damage and shorten the time frame to returning to normal operations.

Make sure you’re covered. Speak with an insurance professional about cyber liability coverage to offset your exposures. Your broker and the insurer will be additional resources in assessing and improving your cyber defenses.

Questions about cyberthreats in the construction industry? Contact Consolidated Insurance.

Skip to content