Cyber Security in Construction

Cyber Security in Construction

Cyber-attacks have continued to grow and become a daily worry for major corporations. Being aware of the effects that a cyber-attack could have on your business is extremely important, especially with the rising number of devices in our society. The number of connected devices is supposed to grow from 31 billion in 2021 to 75 billion by 2025.

The United States has been experiencing a high activity of cyber-attacks recently. It is important to understand the risks that come with cyber liability and how you can properly protect yourself and your business.

Cyber Risk in the Construction Industry

The construction industry has started to incorporate technology in its day-to-day operations. Technology has helped advance the process of construction, from project modeling to drone surveying. Construction industry employees do not use technology in the same way as the traditional office environment, but they utilize the same laptops, smartphones, and tablets.

Management of this industry is reliant on IT networks, software applications, payroll information, sharing of bids, blueprints, employee records and financial information. It is reasonable to want to protect all these important documents from any attackers. There are several types of cyber-attacks that are important to be able to recognize to help protect the industry.

Types of Cyber Attacks

  • Social Engineering: Social engineering is one of the leading cyber-attacks in the construction industry. This involves scammers impersonating senior management and key vendors to access confidential information.
  • Business Email Compromise (BEC tactics): BEC tactics try to convince victims to wire funds or provide sensitive information that can be monetized. These scammers are focused on construction companies that use wire transfers and have suppliers abroad.
  • Phishing: Phishing is the most common social engineering attack. Phishing is when an attacker sends a fraudulent message designed to trick a person into revealing sensitive information, such as credit card numbers, login credentials, and passwords.
  • Ransomware: Ransomware is a form of malware that targets the technical weaknesses in an organization’s IT infrastructure. Victims are sent and tricked into clicking malicious links or attachments. This often results in all files becoming encrypted and inaccessible to the rightful owner. The victim receives a demanding message requesting a ransom to be paid before receiving the decryption key. In 2020, the average ransom payment was $170,000.

Knowing these cyber-attack strategies isn’t enough to protect your business. Investing in cyber liability insurance will provide you with the tools you and your employees need to be able to spot malicious hardware.

Cyber Liability Insurance (Cyber Risk Transfer)

As businesses and their technology continues to grow and become more sophisticated, so do the attackers. Protecting your confidential information and technology is important, which is why we suggest cyber liability insurance. “Cyber liability insurance is an insurance policy that provides businesses with a combination of coverage options to help protect the company from data breaches and other cyber security issues” (Travelers).

What is included in Cyber Liability coverage?

Cyber liability insurance may cover costs associated with data breaches or attacks on your business. These costs can include, “lost income due to a cyber event, costs associated with notifying customers affected by a breach, costs for recovering compromised data, costs for repairing damaged computer systems and more” (Travelers). Most cyber liability plans are customizable, but they all should at least cover the following:

  • Your liability to others – also known as third party claims, includes defense costs, damages/settlements and any regulatory actions filed against you
  • Data breach response – pays to engage forensic, legal, and notification costs to the affected individuals
  • Ransomware – pays the ransom and expert negotiators with immediate access to bitcoin, and pays your loss because of business interruption
  • Loss of funds – from wire fraud, social engineering losses/phishing
  • Regulatory fines and penalties – where insurable, different states have different laws on insuring fines and penalties

If you have not had discussions with your insurance professional about cyber liability insurance, the time to do so is now. It’s not a matter of if, but when a cyber-attack occurs.  Protect your company and clients before it is too late by contacting us at (972) 490-8800 or by requesting a quote at


Ron Thompson, CoVerica risk management solutions for heavy construction.