Computer hackers are targeting private and public companies, both large and small, at staggering rates. Construction companies are not exempt from these types of cyberattacks and must look at their cybersecurity in the same way they do any other type of risk. 

Construction firms can start with identification and prevention by assessing their cyber security profile, identifying gaps in security and then deploying solutions that address cybersecurity gaps. 

Unfortunately, no security system is foolproof. Hackers are successful in breaching the best-protected systems, so companies must also be prepared for when an attack is successful and for how they will respond. A tested incident response plan is key to a construction company’s ability to quickly respond to a cyberattack to minimize losses and downtime. 

Construction companies should assess the cost of a cyberattack on the organization and how it will be managed. Purchasing cyber insurance is the best way to transfer the cost of an attack to an insurance company. Six reasons construction companies should consider mitigating the cost of a cyberattack by purchasing cyber insurance are:

1. Cybercrime. All transactions that involve wiring money to a third party are a target for cyber criminals. Social engineering is prevalent in the construction industry, and typical crime policies don’t always cover this type of exposure. Make sure a cyber policy is in place that has coverage for transfer fraud, social engineering, invoice manipulation and telecommunications fraud.
2. Business interruption. Almost all construction firms these days rely on technology to run day-to-day operations. Contractors that use a laptop to track job progress or communicate with subcontractors and vendors face the potential for a serious loss of profit if they can’t access information and connect with those involved on the project. Make sure there is adequate business interruption coverage in the cyber policy to help mitigate a costly loss. 
3. Commercial contracts. An HVAC contractor was the reason for the 2013 Target breach that affected 41 million customers. Subcontractors performing work for large commercial organizations may have access to their networks, systems and internal processes. This access can be exploited. When competing for a large commercial contract, a cyber policy is crucial because it offers the contractor protection, giving them a competitive advantage—and a cyber policy is often required.
4. Reputational harm. A data breach may result not only in the loss of current clients, but of future clients too. If customers or partners feel that a construction firm is not adequately protecting their financial assets and information, that firm could lose their business. Look for a cyber policy that provides coverage for reputational harm in the event of a data breach or hacking.
5. Privacy liability. Construction firms collect lots of sensitive information about their clients and ongoing projects. This data can include records of personally identifiable information, payment information, architectural plans and even insight into a client’s internal network. If this information is lost, the contractor may be responsible for notifying the affected individuals and may face lawsuits, fines and incredibly high forensics costs.
6. Security. Finally, a cyber policy brings peace of mind in knowing that cyber experts are ready to assist in the event of an attack. Having support from a cyber insurance carrier is critical as they deal with these issues daily and understand what it takes to respond. Whether it’s managing legal requirements for notification, crisis management, forensics or dealing with a cyber ransom attack, the insurance carriers employ internal and external cybersecurity experts to assist in dealing with any type of attack.

October is National Cyber Month, a great time to evaluate incident response plans and cyber insurance coverage to help ensure construction firms are properly protected.