Cyber Risk & Security Considerations in the Construction Industry
By CJ Dietzman, Alliant Cyber
Listen to Audio Version:
It is an interesting and critically important time for cyber risk management and security in the construction industry.
Several industry developments are driving changes on the cyber risk front, including the increased use of mobile devices, digitization and connectivity to the cloud, and increased reliance on third-party vendors and subcontractors.
Embracing innovation is no longer an option, but a necessity. Construction companies across the industry are prioritizing innovation, with a focus on new offerings, business models and technology enablement.
When approaching cyber risk and security in construction, the industry should exercise caution. While the industry focuses on driving innovation through new technologies that help spur growth and business opportunities in a period of economic uncertainty, we cannot let the pursuit of business and technological advancements outpace an organization’s cyber risk tolerance. Avoiding negative repercussions or undesirable situations is paramount for the business' wellbeing, and managing cyber risk requires an enhanced approach to addressing cyber threats, risks, controls and insurance.
Some of the most common cyber threats facing construction companies today include ransomware, phishing, data breach, business email compromise, wire fraud, and the list goes on. By adopting proactive measures and robust cybersecurity practices, we can effectively safeguard the business and mitigate potential cyber risks.
Here are a few things that construction businesses should consider right now when it comes to cyber risk management:
- Innovation is increasing the cyber-attack surface - IoT, Automation, AI, PropTech and data analytics are increasing technology dependence and expanding vulnerabilities and potential attack vectors.
- Proliferation of temporary sites and networks - Many construction businesses operate from an ever-changing footprint of temporary and remote work locations, which may present technology and security vulnerabilities.
- Heavy reliance on temporary workforce - Pervasive usage of contractors, subcontractors, temporary workers and third parties can reduce the organization’s level of security control while increasing potential exposures.
- Lack of cyber regulatory focus - The construction industry has historically not been subject to mandatory cyber regulatory requirements or scrutiny, which has had the adverse effect of deemphasizing cyber priorities.
- Legacy infrastructure - Construction organizations are not known for heavy investment in IT, OT and security innovation and architecture, and their environments may include significant deprecated systems.
- Constrained resources - Construction firms typically have lean IT, cybersecurity and risk management teams and budgets, which may exasperate cyber exposures.
Alliant Cyber works proactively with our clients to deploy an integrated approach to cyber risk management, including assessing, quantifying, mitigating and transferring cyber risks. Our construction clients are seeing better cyber insurability outcomes and positioning themselves in an improved overall cybersecurity posture against emerging threats.
Visit Alliant Cyber for more information
Alliant note and disclaimer: This document is designed to provide general information and guidance. Please note that prior to implementation your legal counsel should review all details or policy information. Alliant Insurance Services does not provide legal advice or legal opinions. If a legal opinion is needed, please seek the services of your own legal advisor or ask Alliant Insurance Services for a referral. This document is provided on an “as is” basis without any warranty of any kind. Alliant Insurance Services disclaims any liability for any loss or damage from reliance on this document.
News & Resources
Specialty Podcast: Analyzing Cyber Risks and Solutions with Crime and Fidelity
Adam Pardi is joined by Mike Beranek, Berkeley Crime, to discuss the importance of crime and fidelity insurance considering ever-evolving threat of social engineering and cyber-crime. The two explore FBI crime statistics and scenarios and provide solutions to best protect your business.
Specialty Podcast: An Inside Look at the White House National Cybersecurity Strategy
David Finz is joined by Stephen Vina, Executive Office of the President, to discuss the White House's National Cybersecurity Strategy released on March 2, 2023. Together, they discuss the recently established Office of the National Cyber Director, exploring its mission and core principles.
Financial R&R: Everyone is a target. What to do NOW for when, not if, a cyber-attack occurs
Ron Borys and Ryan Farnsworth, Alliant, sit down with David Finz, Alliant Cyber Claims and David Kruse, Director of Strategic Client Services, Tetra Defense to review the "year of ransomware" and fundamental steps companies should be taking now in preparation for when, not if, a cyber-attack will occur.