Cyber Risk & Security Considerations in the Construction Industry

It is an interesting and critically important time for cyber risk management and security in the construction industry.

Several industry developments are driving changes on the cyber risk front, including the increased use of mobile devices, digitization and connectivity to the cloud, and increased reliance on third-party vendors and subcontractors.

Embracing innovation is no longer an option, but a necessity. Construction companies across the industry are prioritizing innovation, with a focus on new offerings, business models and technology enablement.

When approaching cyber risk and security in construction, the industry should exercise caution. While the industry focuses on driving innovation through new technologies that help spur growth and business opportunities in a period of economic uncertainty, we cannot let the pursuit of business and technological advancements outpace an organization’s cyber risk tolerance. Avoiding negative repercussions or undesirable situations is paramount for the business' wellbeing, and managing cyber risk requires an enhanced approach to addressing cyber threats, risks, controls and insurance.

Some of the most common cyber threats facing construction companies today include ransomware, phishing, data breach, business email compromise, wire fraud, and the list goes on. By adopting proactive measures and robust cybersecurity practices, we can effectively safeguard the business and mitigate potential cyber risks.

Here are a few things that construction businesses should consider right now when it comes to cyber risk management:

• Innovation is increasing the cyber-attack surface - IoT, Automation, AI, PropTech and data analytics are increasing technology dependence and expanding vulnerabilities and potential attack vectors.
• Proliferation of temporary sites and networks - Many construction businesses operate from an ever-changing footprint of temporary and remote work locations, which may present technology and security vulnerabilities.
• Heavy reliance on temporary workforce - Pervasive usage of contractors, subcontractors, temporary workers and third parties can reduce the organization’s level of security control while increasing potential exposures.
• Lack of cyber regulatory focus - The construction industry has historically not been subject to mandatory cyber regulatory requirements or scrutiny, which has had the adverse effect of deemphasizing cyber priorities.
• Legacy infrastructure - Construction organizations are not known for heavy investment in IT, OT and security innovation and architecture, and their environments may include significant deprecated systems.
• Constrained resources - Construction firms typically have lean IT, cybersecurity and risk management teams and budgets, which may exasperate cyber exposures.
   

Alliant Cyber is works proactively with our clients to deploy an integrated approach to cyber risk management, including assessing, quantifying, mitigating and transferring cyber risks. Our construction clients are seeing better cyber insurability outcomes and positioning themselves in an improved overall cybersecurity posture against emerging threats.

Visit Alliant Cyber for more information