Cyber & Construction: Understanding Your Risks
April 17, 2018
From last year’s Equifax breach to the highly publicized WannaCry and NoPetya attacks, cyber incidents have quickly become one of the top risks facing companies across almost every vertical. Chubb, the world’s largest property and casualty insurer, found that 93 percent of small and midsized businesses have reported experiencing a cyber incident that severely impacted their operations.
Unfortunately, the construction industry is not exempt from this growing threat.
As contractors become more reliant on technological integrations such as Building Information Modeling (BIM) and telematics software, companies are simultaneously exposed to the increased risk of a cyber incident. Cybercriminals could gain access to intellectual property such as architectural assets, financial information and even personal employee data, if it’s not properly protected. For example, Turner Construction was the victim of a company-wide breach in 2016 that exposed the names and social security numbers of its nearly 6,000 workers, after an employee unknowingly sent sensitive data to a fraudulent email address.
However, there are several strategies construction firms should consider to decrease the likelihood of a cyber event. To start, employees are often unknowingly the initial source of the breach – such as the case with Turner Construction. According to the Identity Management Institute, 90 percent of all successful cyber-attacks began with an employee. Therefore, all personnel should be regularly trained on security procedures and required to frequently update passwords. In addition, if employees are accessing data from a mobile device, the company’s network must have data encryption software and employees will need to have the device password protected.
Combined with frequent training and continued cyber education, companies can take several steps to guarantee its intellectual property is protected. For example, security software should be installed that offers automatic updates and real-time protection. Aside from computer software, data should be frequently backed-up using a reliable cloud storage provider. Having a robust security program is key to preventing a costly data breach and firms should seriously consider hiring an in-house security expert to ensure data is protected.
If the victim of a cyber incident, construction companies will incur heavy costs associated with the security failure. What many contractors don’t realize is that the largest exposure is related to incident response and first-party loss – including forensics, business interruption, digital data recovery and extortion. For instance, what happens if a company can’t access job data or order information because its systems were taken offline? This delay in operations alone could cause a significant loss in revenue. According to claims analyzed by Chubb over a three-year period, the average costs of forensics after a cyber incident was more than $230,000.
For many contractors, one of the most valued benefits of a cyber insurance policy is having access to a specialized incident response team and experienced claims representatives. Having these individuals as an extension of your team is invaluable, as they are trained to work closely with your organization to walk you through exactly how the breach occurred. Working hand in hand with your insurance broker to identify potential cyber risks facing your specific operation can also help to ensure you’re protected with proper insurance policies and adequate limits. Your insurance broker can serve as a true risk management consultant, helping to identify and implement strategies that limit exposures.
Philadelphia, PA, 19102