Technology
Risk

Six Reasons Construction Companies Need Cyber Insurance

A tested incident response plan is key to a construction company’s ability to quickly respond to a cyberattack, minimizing losses and downtime.
By Jay Shelton
October 8, 2021
Topics
Technology
Risk

Computer hackers are targeting private and public companies, both large and small, at staggering rates. Construction companies are not exempt from these types of cyberattacks and must look at their cybersecurity in the same way they do any other type of risk.

Construction firms can start with identification and prevention by assessing their cyber security profile, identifying gaps in security and then deploying solutions that address cybersecurity gaps.

Unfortunately, no security system is foolproof. Hackers are successful in breaching the best-protected systems, so companies must also be prepared for when an attack is successful and for how they will respond. A tested incident response plan is key to a construction company’s ability to quickly respond to a cyberattack to minimize losses and downtime.

Construction companies should assess the cost of a cyberattack on the organization and how it will be managed. Purchasing cyber insurance is the best way to transfer the cost of an attack to an insurance company. Six reasons construction companies should consider mitigating the cost of a cyberattack by purchasing cyber insurance are:

  1. Cybercrime. All transactions that involve wiring money to a third party are a target for cyber criminals. Social engineering is prevalent in the construction industry, and typical crime policies don’t always cover this type of exposure. Make sure a cyber policy is in place that has coverage for transfer fraud, social engineering, invoice manipulation and telecommunications fraud.
  2. Business interruption. Almost all construction firms these days rely on technology to run day-to-day operations. Contractors that use a laptop to track job progress or communicate with subcontractors and vendors face the potential for a serious loss of profit if they can’t access information and connect with those involved on the project. Make sure there is adequate business interruption coverage in the cyber policy to help mitigate a costly loss.
  3. Commercial contracts. An HVAC contractor was the reason for the 2013 Target breach that affected 41 million customers. Subcontractors performing work for large commercial organizations may have access to their networks, systems and internal processes. This access can be exploited. When competing for a large commercial contract, a cyber policy is crucial because it offers the contractor protection, giving them a competitive advantage—and a cyber policy is often required.
  4. Reputational harm. A data breach may result not only in the loss of current clients, but of future clients too. If customers or partners feel that a construction firm is not adequately protecting their financial assets and information, that firm could lose their business. Look for a cyber policy that provides coverage for reputational harm in the event of a data breach or hacking.
  5. Privacy liability. Construction firms collect lots of sensitive information about their clients and ongoing projects. This data can include records of personally identifiable information, payment information, architectural plans and even insight into a client’s internal network. If this information is lost, the contractor may be responsible for notifying the affected individuals and may face lawsuits, fines and incredibly high forensics costs.
  6. Security. Finally, a cyber policy brings peace of mind in knowing that cyber experts are ready to assist in the event of an attack. Having support from a cyber insurance carrier is critical as they deal with these issues daily and understand what it takes to respond. Whether it’s managing legal requirements for notification, crisis management, forensics or dealing with a cyber ransom attack, the insurance carriers employ internal and external cybersecurity experts to assist in dealing with any type of attack.

October is National Cyber Month, a great time to evaluate incident response plans and cyber insurance coverage to help ensure construction firms are properly protected.

by Jay Shelton
With nearly 20 years of experience in the risk management experience, Jay Shelton leads the Executive Risk Team which focuses on both publicly traded and privately held Directors & Officers Liability, Errors & Omissions, Cyber, Crime, Employment Practices, Management Liability and other executive management coverages. His main responsibility is to identify and evaluate clients’ exposure and implement programs that will minimize risk. Jay is a veteran of the United States Marine Corps. He earned a Master's degree in Business Administration from Notre Dame University and Bachelor of Science degree in Criminal Justice from Indiana University. Jay is a member of the American Society of Safety Engineers, Professional Liability Underwriter Society and RIMS.

Related stories

Technology
Employing Supporting Roles for Your IT Team
By Christian Burger
For construction businesses to be effective in selecting, managing and deploying technology—especially when the influence, intelligence and complexity of that technology is growing—they need a new approach to IT.
Technology
Integrating Software and Hardware Technology in the Field
By Bryan Williams
Field technology has advanced increasingly in recent years. Combing the advancing software with hardware in the field can significantly improver performance on the jobsite.
Technology
Simplifying and Extending a Building's Lifecycle With Digital-Twin Technology
By César Flores Rodríguez
Digital-twin technology takes data beyond BIM, out of silos and into the interactive real world in real time.

Follow us




Subscribe to Our Newsletter

Stay in the know with the latest industry news, technology and our weekly features. Get early access to any CE events and webinars.