Managing and Protecting the Digital Jobsite – Cyber in Construction

Risk management efforts for construction companies have historically focused on site safety, structural integrity and other physical hazards. While these continue to be primary concerns, construction firms are incorporating more technology into the jobsite, which brings with it cyber-related threats.

Ransomware and data breaches, along with other vulnerabilities, have forced construction companies to evaluate risk mitigation processes, with Cyber insurance quickly becoming a critical component of a sound protocol.

Growing risk

As construction technology has evolved, it has made jobsites more efficient. This has led to construction companies, managers and contractors relying more on digital tools such as cloud-based project management platforms and internet-enabled machinery and technology.

Cybercriminals have noticed and have become quick to target these systems, hoping to access stored project information such as sensitive financial and proprietary data.

Spearfishing, in which bad actors target specific individuals to attempt to steal sensitive data or account details, account for 40% of reported cyberattacks in the construction sector.

The average ransom demand in the Construction industry in 2024 was $4.1 million, according to the Sophos State of Ransomware 2024 report.

What’s at stake

A successful cyberattack can disrupt office operations and lead to significant financial loss and project delays. Unauthorized access to confidential information brings with it liabilities driving legal defense and settlement costs, and concerns with regulatory compliance.

Social engineering scams are prevalent. In this scenario, a bad actor emails people within the construction company it is targeting, urging them to transfer funds to resolve an emergency.

A system breach can cause problems such as supply chain risks and reputational damage, which could halt business operations.

The role of Cyber insurance

Standalone or tailored cyber insurance policies have become essential for the modern construction firm, yet general liability or property insurance policies usually do not cover cyber.

A well-tailored Cyber insurance program can limit operational disruption and financial loss incurred by construction entities by providing:

• Access to experts; forensic and legal support
• Coverage for losses from phishing scams and voice manipulation
• Protection for lost revenue due to downtime resulting from a cyber incident
• Coverage for ransomware and data recovery
• Legal defense and settlement

Cyber insurance should complement, not replace, actual cybersecurity practices. Enforcing controls such as multi-factor authentication, password management and employee awareness – to name a few, have become the new minimum standard.

Cyber policyholders also often have access to carrier resources such as proactive risk management tools, training solutions and vulnerability scans.

Once an afterthought for many organizations in the physical fields, cyber risk management has moved to the forefront. A proactive approach is now a foundational practice to protect a company’s reputation and future. As cyber risks continue to evolve, ask yourself – is our firm prepared?

The experienced team at Oswald can help you determine your cyber risks and find the right protection for your needs.

For more information, contact us below or visit our Property & Casualty Risk Hub here.