Cyber risks in the construction industry
While historically the construction industry has been less of a target for cyber criminals, due to the fact that the majority of construction firms’ revenue generating activities are conducted offline, changes within the industry including the increasing importance of technology means that the industry is not entirely free from cyber risk.
What types of threats exist?
There are a variety of different threats that the construction industry could be impacted by, but the most common include:
- Phishing– malicious emails designed to look like genuine emails which encourage employees to click – infecting their computers in the process.
- Viruses– code which infects computer systems, corrupting or deleting data.
- Hacking– an individual or group attempting to gain access to company systems with the intent to steal or destroy data.
- Ransomware– a malicious programme which locks access to company files and data until a ransom payment is made, after which time access may be restored.
What are the business implications?
All data, whether that is customer databases, employee files, financial information or even project specific contracts, plans or correspondence, holds value for cyber criminals, so businesses need to take steps to protect their data. Every company holds data to a greater or lesser extent, and every company has to issue invoices and use payment systems for both payroll and processing. Data could be stolen or sold online, or companies could fall victim to ransomware demands.
Construction industry risks also include the stealing of designs and blueprints, which could lead to an extensive project delay. A serious attack could see a company lose access to their systems, affecting day-to-day operations, project progress and relationships with clients. Indeed, reputational risks could outweigh the financial; customers are unlikely to work with a company that cannot demonstrate resilience to cyber risks.
How can you protect your business?
With any good risk management policy, the key is training and awareness. Educate your staff on how to identify phishing emails and encourage them to report anything suspicious to senior staff. Reinforce the importance of setting good passwords and back up data regularly so that if systems are compromised, operations need not grind to a halt. Treat cyber risks like any other risk to the balance sheet or reputation, rather than leaving the management of cyber risks exclusively in the hands of the IT department.
While prevention is better than cure, a robust cyber insurance policy can help to mitigate some of the financial and reputational damage of an attack and will help companies get back up and running with minimal interruption.
For more information on Rossborough’s bespoke cyber insurance policies, call your local Rossborough branch today.