Cyber losses in construction are increasing. These attacks can shut down businesses, damage reputations and result in costly litigation and fines.
The construction industry is an attractive target for cybercriminals, which depends on a number of factors, including:
- Reduced cyber preparedness—The construction sector is still largely unregulated in terms of cyber security and integrity. As a result, cyber preparedness has not been a priority for many in the industry. In fact, according to an IBM study, 74% of construction organizations are unprepared for a cyberattack.
- More desirable information—Construction companies store large amounts of sensitive business data and personal information, making them lucrative targets for cybercriminals. If this data is accessed incorrectly, it can lead to damage to reputation, fines and related lawsuits.
- Increased use of technology—Many of the devices used by construction companies to increase efficiency in the workplace (eg asset tracking, machine control and workplace security) are vulnerable to cyberattacks.
- Increased third-party exposures—Construction companies often work with multiple suppliers or third-party contractors, which increases their cyber exposure. After all, a data breach within one of these partner companies can result in extensive cyber losses.
Cyber losses in construction after accidental years
Advised data show that cyber losses in the construction industry have increased since 2010, with the most dramatic increase in 2020. The decrease in 2021 is probably due to a data delay and may not be representative of an actual reduction in cyber losses.
The peak in 2020 may be partly due to an increase in cyber attacks overall. According to the FBI, cyber attacks increased by 400% in 2020.
Top cyber threat
Cybercriminals use a variety of methods to attack construction companies. Here are the most common types of cyber losses in construction:
Cyber losses for construction by type
Unauthorized contact or disclosure is the most common type of cyber loss in construction and accounts for 44% of the registered losses. These losses include all incidents where information is exposed to unauthorized parties. Malicious hacks and ransomware attacks account for 30% and 10% of the remaining cyber losses, respectively.
Although ransomware attacks currently only represent the third most common type of cyber-loss in construction, such attacks are a growing problem. In fact, a recent study found that the construction industry was the premier industry that ransomware targeted in 2021.
Cyber attacks in the construction industry most often come from attacks on corporate servers, according to Advisen’s data. Telephone communication and e-mail are the second and third most common sources of cyber losses in the construction industry.
Personally identifiable information (eg name, social security number and driving license number) is targeted at 60% of cyber attacks in the construction sector. Personal financial information and personal health information focus on 36% and 4% of cyber attacks in the industry, respectively.
Notable cyber attacks on construction companies in Advisen’s database include:
- Bird Construction – 2019 was Bird Construction’s alleged target of MAZE cybercriminals. The hackers stole 60 gigabytes of data, including social security numbers, bank details, names, email addresses and health information.
- Bouygues Construction – By 2020, cybercriminals will have broken into the server for Bouygues Construction. As a result, the entire corporate network was shut down. The cybercriminals are said to have stolen 200 gigabytes of data and demanded a ransom of 10 million dollars.
Between response costs, potential ransoms and associated fines, cyberattacks can quickly cost millions of dollars in damage.
Risk reduction strategies
Although cyber threats are common, there are steps that construction companies can take to minimize their risks. Here are some strategies for companies to consider:
- Complete training. Educate employees on how to recognize potential cyberattacks. Provide clear instructions for employees to follow if they believe a cyberattack has occurred.
- Prioritize supply chain management. Identify the risks of working with external organizations. Consider creating legal contracts with contractors and third-party companies to manage cyber risk management.
- Have a plan. Develop and practice a management plan for cyber incidents. This should include identifying an internal and external response team, clarifying the roles and responsibilities of key team members, and anticipating critical actions for business continuity and workplace safety issues.
- Buy proper insurance. Talk to a trusted insurance specialist to ensure adequate coverage for cyber losses.
Are you worried about your construction business? We can help.
Cyber threats have become increasingly common among construction companies. As such, appropriate risk mitigation strategies are necessary to reduce the risk of costly cyberattacks. If you want additional information and resources, we are here to help you analyze your needs and make the right coverage coverage to protect your business from unnecessary risks. You can download a free copy of our e-book, or if you are ready to make Cyber Liability Insurance part of your insurance portfolio, request a suggestion or download and get started with our Cyber & Data Breach Insurance Application and we will work for you.