Is it time for the construction industry to re-think cyber risk?
11/07/2022
Cyber risk probably isn't a major concern for many construction sector organisations.
After all, the industry's focus is on physical work with tangible assets, and digital activity is fairly minimal and unlikely to attract cyber criminals - isn't it?
So, why should the construction sector re-think this seemingly intangible risk?
Reliance on technology
The industry's reliance on technology has changed significantly over the last decade, and there has been a massive adoption in terms of wider project delivery and how organizations operate. From office operations to activities on-site, technologies such as cloud storage, email and smartphones are commonplace.
Digital tools, such as Building Information Modelling (BIM), are also permeating all aspects of the design stage, along with technology such as 3D-printing, remote building monitoring systems, brick-laying robots and other automated techniques. While the nature of adoption might be different from other industries, today's construction sector organizations are unquestionably operating in a modern, digitized and connected way.
But, as the industry progressively embraces new technologies it cannot afford to ignore the corresponding risks. If unmanaged, cyber risk ultimately threatens to outweigh the benefits gained from continued technological advances.
An attractive target
The cyber-attacks that make headlines typically concern breaches of personal data, such as login credentials or credit card information. As the industry doesn't regularly deal in such information, there is a common misconception that it is not a likely target for cyber criminals. But unfortunately, this is not the case. The industry presents a wide-range of attractive opportunities for cyber criminals.
From controlling critical services, to the theft of trade secrets, there are many reasons that a construction sector organization could fall victim to cyber-crime. Tracking cyber incidents can be tricky, especially as a lot of incidents still go unreported. And while the construction sector may experience cyber-crime, unless a breach conforms to strict reporting requirements, the majority will not be publicized.
This lack of knowledge-sharing can lead to underestimates of the true nature and scale of cyber exposures. If the industry is unaware of common vulnerabilities, it presents low-hanging fruit for cyber criminals.
Cost to the business
The average cost of a data breach currently sits at USD 3.92m, with an average data breach impacting over 25,000 records, according to research by IBM. Imagine, for example, that your entire library of CAD drawings was encrypted and ransomed, or simply deleted. What would it cost to recommission and replace them all? Then, add the wide range of associated business interruption costs, such as delays to on-going projects and employee overtime. You then begin to see the true impact of a potential cyber incident.
Tackling cyber risk
While businesses may be reluctant to allocate additional resources, in today's environment, cyber is an essential strategic risk for everyone to understand and manage - not just a matter for your IT department or provider. IT professionals are primarily focussed on network functionality, whereas cyber risk is a much broader issue, ranging from how you deal with third parties to the actions of workers on site. It is always recommended to seek advice from an independent third party.
IT providers can sometimes be biased towards the technologies and services that they deal in. Seeking impartial advice will ensure that you take the best course of action for your particular needs.
Zurich's expert Risk Engineers are here to offer candid, unbiased assistance on cyber risk and wide variety of other topics. Many of our Risk Engineers have previously worked in the construction sector and its associated trades, offering unrivalled insight into your activities and the challenges you face.
