Tuesday 28th March
Building cyber resilience in construction
Globally, the construction industry continues to be one of the sectors most targeted by online attackers, according to the UK government, which says businesses of all sizes are at risk. Digital technology has become critical in the construction sector, creating greater exposure to cyber-related risks.
How can a cyber policy protect your business?
Cyber insurance protects businesses against financial loss caused by cyberattacks, such as data breaches and system interruption. There’s a wide range of cyber insurance policies to suit the needs of different size businesses, but cover can typically include:
- Cyber incident response costs, including IT forensics, legal, breach notification, and crisis communications.
- Ransomware attacks and unauthorised use of computer resources.
- System damage and business interruption (including complete data re-creation, income loss, and extra expense, additional extra expense, consequential reputational harm, and hardware repair and replacement).
- Network security and privacy liability, including liabilities arising from regulatory fines.
- Media liability (including defamation and intellectual property rights infringement).
- Technology errors and omissions.
- Court attendance cost.
Growth of construction tech risks
Digital technology is a tremendous asset to the construction industry, supporting all disciplines, such as design, architecture, engineering, and connecting stakeholders across multiple locations. It can also help complete planning and construction processes more efficiently and within budget. Undoubtedly, tech is beneficial to construction projects, but it also exposes businesses to cyber risks.
Construction cyber-attacks have become so common that the National Cyber Security Centre (NCSC) produced cybersecurity guidance for the construction sector last year. This guidance aims to protect construction firms working on big projects involving vast sums of money. Construction is vulnerable because a cyber-attack on its supply chain can delay goods or services, which can significantly delay a construction project, causing rising costs. If a project is put on hold, the construction company could also face mounting bills through no fault of its own.
NCSC Deputy Director for Economy and Society Resilience, Sarah Lyons, said:
“Joint ventures in construction are responsible for some of the UK’s largest building projects, and the data they handle must be protected to keep crucial infrastructure safe.
Failure to protect this information not only impacts individual businesses but can jeopardise national security, so it’s vital joint ventures secure their sites, systems, and data.”
Several contractors have been hit by cyber-attacks in the last few years. Engineering consultant Arup saw its payroll company attacked in January 2021. When Russia invaded Ukraine last year, Construction Dive reported increased warnings that Russian-led cyberattacks were specifically targeting construction firms. No Russian-led attacks have been publicised to date. Still, it’s vital for construction leaders to be aware of the risks and to ensure the robustness of their data security infrastructure.
Cyber insurance policies can limit the financial impact of a cyber event on a company’s supply chain, enabling construction companies to get back to work as quickly as possible.
Share this story
We’re here to help
Get in touch with the team for expert advice
Kerry London is authorised and regulated by the Financial Conduct Authority. The company is a leading UK independent and Lloyd’s accredited broker, which means that we work with a wide range of niche and major insurers.
This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such or regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note, we have relied on information sourced from third parties, and we make no claims as to the completeness or accuracy of the information contained herein. You should not act upon information in this bulletin nor determine not to act without first seeking specific legal and/or specialist advice. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to the fullest extent permitted by law.
Categories: Construction, Cyber,
