Market Segment
No industry is immune from privacy and cybersecurity risks, and the construction industry is no exception. By understanding the risks and vulnerabilities and developing a plan, those in the construction industry can protect against a potential cyberattack.
According to Cybersecurity Ventures, ransomware caused more than $20 billion in damage to businesses in 2021, and a study by Safety Detectives found that construction was the third most common sector to suffer ransomware attacks in 2021 (of total ransomware attacks in North America). 13.2 percent).
The industry appeals to cyber attackers in many ways. First, the industry is largely unregulated when it comes to cybersecurity and privacy. This may explain why construction organizations do not prioritize enforcement of privacy and security measures. A study conducted by IBM Ponemon found that 74 percent of construction-related organizations are unprepared for cyberattacks and do not have an incident response plan.
Not all construction organizations face the same amount of business risk inherent in a cyber breach. This includes the nature of the projects they are working on (public infrastructure vs. residential builders), their clients (e.g. governments, companies and individuals), the technologies involved in the project (e.g. IoT, drones, GPS and biometrics), the jurisdictions in which the business is conducted, and the personal information and sensitive information in the organization. the amount and nature of business data.
Additionally, the level of risk may depend on how well an organization is prepared for the challenge. For example, members of the organization’s IT staff may be adept at systems administration, but can they accelerate the latest cybersecurity tools and attack methodologies to provide competent leadership and execution?
Modern construction methods are driving digital connectivity; Not only in the construction supply chain to facilitate the right collaboration, but also “on the ground” as performance, progress, logistics, health and safety and sustainability are monitored in “real time”. This increased connectivity has significant benefits and creates value in the capital environment; but increased connectivity and collaboration will also increase risk, including cyber risk.
Cybersecurity is a growing challenge and the pandemic has increased the need for the construction industry to have a robust cyber risk strategy.
Construction firms are currently dealing with a large number of new risks both on and off the field, but this industry is one that has been slow to identify and address cyber risk vulnerabilities. There is virtually an “arms race” among capital programs to use and use technology to deliver value and efficiency; often without understanding what risks are unintentionally included in the program.
Cybercriminals are constantly evolving, changing their techniques to take advantage of new avenues of attack. The construction industry needs to be equally proactive in its response by looking at risks holistically and instilling a culture of cybersecurity across the board, on the field and everywhere in between.
Understanding the impact a cyber threat can help identify vulnerabilities and enables better management of recovery after an attack. A threat can expose all of a company’s digital assets, including business plans and acquisition strategies; proprietary construction plans and designs; customer, contractor and supplier lists and pricing; personally identifiable information (PII) of employees and contractors; personnel’s protected health information and facility safety information. Collaborative working methodologies such as Building Information Modeling (BIM) can also increase these risks if international standards are not used as guidelines.
As the supply chain creates data-rich, highly visual and virtually navigable models, asset data and information can not only increase the value of assets, but also reveal how the asset “live and breathe”, creating new risks or increasing existing risks. While BIM processes can have enormous benefits for the asset’s lifecycle (particularly design, construction, and operation), they also force data collection that can create never-before-seen risks.
Our goal is to help people in the best way possible. This is a basic principle in every case and cause for success. contact us today for a free consultation.
Sign up to our newsletter
