Scott Fouts, Vice President, Risk Service Division, HUB International
The digital era has enabled the construction industry to integrate innovative technologies to boost efficiency and streamline operations. Today, even the most traditional construction firms rely on electronic communication, online banking, automated systems and digital storage for essential information as standard
practice.
Such convenience comes at a price, with 93 percent of construction companies having experienced a data breach in the last three years.
The construction industry ranks as the second most targeted for cyber attacks. Cyber crime is projected to cost the construction sector an estimated $1.2 trillion by 2025. Unfortunately, numerous construction firms in Florida and beyond find themselves unprepared when confronted with a cyber attack, leading to difficult questions and challenging situations.
Several factors contribute to the industry’s vulnerability. First, the construction sector has not been subjected to stringent data privacy and security regulations like healthcare and banking, allowing potential weaknesses to go unaddressed. Furthermore, while technology is now a crucial component of daily operations for most construction companies, many still rely on outdated systems with insufficient firewalls and security measures to fend off sophisticated hackers.
These vulnerabilities make many construction companies easy targets and cyber criminals have been quick to exploit them, with construction firms facing an average of five cyber incidents per week. The biggest cyber security risks facing construction companies include ransomware, data theft and fraudulent wire transfers.
The ongoing threat of cyber crime can be lessened by following a few key measures:
Create an incident response plan. In the event of a cyber attack, swift action is crucial to minimize damage.
Identify individuals within your firm who will be responsible for specific tasks and designate a lead person to coordinate the response. Immediate steps should include notifying your insurer, contacting law enforcement and informing vendors whose data may be compromised or whose operations might be disrupted. Ensure that employees refrain from taking any actions that could hinder mitigation efforts.
Ensure robust cyber monitoring systems. Strengthen your intrusion detection programs and firewalls to respond swiftly to cyber threats. Complement these measures with comprehensive incident response plans that are regularly evaluated and updated. Implement additional layers of protection. Enhance your network security by using multifactor authentication and other access controls. Regularly review and update these measures to ensure they remain effective.
Educate team members about cyber security risks. Email links are a primary source of infiltration. Ensure your personnel are aware of this risk, as well as other vulnerabilities, by conducting regular training sessions.
Monitor all digital correspondence and double-check the details. Verify email-based transactions with vendors and suppliers by directly contacting them. Use vendor files to find legitimate phone numbers and call
to confirm any changes or payments, instead of relying solely on email attachments.
Address potential incidents in writing. Minimize liability for issues like automation hijacking, technology
breakdowns or payroll partner fraud through well-drafted contractual agreements. Without these agreements, you could be held responsible for vulnerabilities in third-party software.
Transfer risk with cyber insurance. Obtain a cyber insurance policy to access 24-hour hotlines and breach
response experts who can assist during a security incident. These experts can also provide guidance on
additional preventive measures to avoid incidents. If you suffer a data breach, your coverage may help you
cover the costs of fraudulent wire transfers and ransoms, hiring attorneys and forensic IT consultants and other crisis management costs that you may incur.
As technology and AI revolutionize the construction industry, it’s crucial to be aware of the accompanying risks. Implementing strategies to protect against ransomware, cyber fraud and sabotage are essential for safeguarding operations and data security. By staying informed and proactive, construction firms can harness the benefits of technology while mitigating potential threats.
Scott Fouts is Vice President of global insurance brokerage Hub International’s Risk Services Division. He has 17 years of experience in occupational safety, health and risk management consulting. Scott has spent 15 years on the carrier side of the business providing risk management, safety, property, product liability, environmental, business continuity, fleet, claims and industrial hygiene services.
Previous Article