We use cookies to provide you with a responsive service to make your experience of our website(s) better. Please confirm that you agree to our use cookies
in accordance with our cookies policy.

By continuing to use our website we will assume that you are happy to receive non-privacy intrusive cookies.
Please be aware that if you disable cookies some functionality on the site will not work.

Alternatively, read our cookie policy to find out more about our cookie use and how to disable cookies.

Accept and continue

Is it time for the construction industry to re-think cyber risk?

At a glance

  • The construction industry’s reliance on technology has changed significantly over the last decade
  • Should the construction sector re-think the seemingly intangible risk of Cyber?
  • In her blog Bernadette Hackett, Head of the Global Construction Industry Community at Zurich looks to answer this question

Cyber risk probably isn’t a major concern for many construction sector organizations. After all, the industry’s focus is on physical work with tangible assets, and digital activity is fairly minimal and unlikely to attract cyber criminals – isn’t it?

So, why should the construction sector re-think this seemingly intangible risk?

Reliance on technology

The industry’s reliance on technology has changed significantly over the last decade, and there has been a massive adoption in terms of wider project delivery and how organizations operate.

From office operations to activities on-site, technologies such as cloud storage, email and smartphones are commonplace. Digital tools, such as Building Information Modelling (BIM), are also permeating all aspects of the design stage, along with technology such as 3D-printing, remote building monitoring systems, brick-laying robots and other automated techniques.

While the nature of adoption might be different from other industries, today’s construction sector organizations are unquestionably operating in a modern, digitized and connected way.

But, as the industry progressively embraces new technologies it cannot afford to ignore the corresponding risks. If unmanaged, cyber risk ultimately threatens to outweigh the benefits gained from continued technological advances.

An attractive target

The cyber-attacks that make headlines typically concern breaches of personal data, such as login credentials or credit card information. As the industry doesn’t regularly deal in such information, there is a common misconception that it is not a likely target for cyber criminals.

But unfortunately, this is not the case. The industry presents a wide-range of attractive opportunities for cyber criminals. From controlling critical services, to the theft of trade secrets, there are many reasons that a construction sector organization could fall victim to cyber-crime.

Just 33% of cyber incidents are ever reported, according to research by the Online Trust Alliance. And while the construction sector may experience cyber-crime, unless a breach conforms to strict reporting requirements, the majority will not be publicized. This lack of knowledge-sharing can lead to underestimates of the true nature and scale of cyber exposures. If the industry is unaware of common vulnerabilities, it presents low-hanging fruit for cyber criminals.

Cost to the business

The average cost of a data breach currently sits at USD 3.62m, according to research by IBM and the Poneman Institute.

Imagine, for example, that your entire library of CAD drawings was encrypted and ransomed, or simply deleted. What would it cost to recommission and replace them all? Then, add the wide range of associated business interruption costs, such as delays to on-going projects and employee overtime. You then begin to see the true impact of a potential cyber incident.

Tackling cyber risk

While businesses may be reluctant to allocate additional resources, in today’s environment, cyber is an essential strategic risk for everyone to understand and manage – not just a matter for your IT department or provider. IT professionals are primarily focussed on network functionality, whereas cyber risk is a much broader issue, ranging from how you deal with third parties to the actions of workers on site.

It is always recommended to seek advice from an independent third party. IT providers can sometimes be biased towards the technologies and services that they deal in. Seeking impartial advice will ensure that you take the best course of action for your particular needs.

Zurich’s expert Risk Engineers are here to offer candid, unbiased assistance on cyber risk and wide variety of other topics. Many of our Risk Engineers have previously worked in the construction sector and its associated trades, offering unrivalled insight into your activities and the challenges you face.

For more information on how to tackle cyber risk, please read our latest whitepaper on the subject – Cyber security and the construction industry: staying ahead of emerging threats – or contact our Risk Engineering team.

 

 

Bernadette Hackett

Global Relationship Leader and Head of the Global Construction Community at Zurich

 

Image © Getty

Leave a comment