Cyber security risks in the construction industry

Cyber incidents are gradually becoming one of the largest commercial exposures faced by the construction industry, as firms continue to become increasingly reliant on technology to perform both internal and external functions. It has become common to see and hear of firms in the press in connection with a cyber breach incident. Unfortunately, cyber-attacks have become a fact of life, highlighting the statement of 'not if, but when', and the ever-evolving threat remains a challenge that all businesses must meet.

Whilst the Construction Industry may be praised for its proactive attitude to physical risk management, the general view on cyber security could be seen as somewhat behind the curve. Construction companies have been notably sluggish in both identifying and protecting themselves from cyber breaches.

It’s vital that firms understand the potential impact a cyber attack can have on the business in these areas:

  • Operational

A company may be targeted through ransomware, fraudulent payments, or interruption of systems. Any successful (or even unsuccessful) cyber-attack is more than likely to cause major disruption to a business’ activities, both financially and operationally.

  • Reputational

The risk of a large financial loss or delayed project delivery could be devastating to potential clients/supply chain members.

  • Legal

There are various privacy and data protection laws that companies need to comply with. Should a cyber breach cause said data to be compromised, there may be General Data Protection Regulation (GDPR) penalties and fines issued as a result of the infringement.

The need to take action

We are regularly seeing more emphasis placed on demonstrating cyber security capability during procurement phases, especially in the public sector.

Studies suggest that the construction industry is the third most commonly targeted, with nearly one in every six contractors reporting to have suffered at least one ransomware attack recently. Research indicates that only around 25% of construction firms have prioritised the issue.

The very clear message for firms is that they are not immune. Business owners must be aware of the real dangers and take appropriate action to mitigate the risk. Lockton’s Global Construction Practice specialise in mitigating such risk and we would be happy to assist in advising you on how best to protect your business.

“Cyber risk is more prevalent than ever before. For clients there’s no better combination than the implementation and maintenance of systems to prevent their business from experiencing a cyber-attack, whilst utilising cyber insurance to reduce their financial exposure. The combination will increase a business' overall resilience to the risk. Insurance and a proactive approach to preventative controls go hand in hand, not only in the eyes of the insurer, but also in respect of the overall risk presented.”

~ Jack Bassett, Assistant Vice President, Lockton Cyber & Technology 

For further information and details on our products and services, please visit our Lockton Global Real Estate and Construction Page (opens a new window).

Read our latest Real Estate and Construction insights


Unlocking the future of UK build-to-rent