The Rise of Cyber Risk in the Construction Industry - September 2020

Wed, Sep 23, 2020

Brian Cooper, Sr. Managing Director, US Construction Practice and
John Liston, Area Senior Vice President, Construction, Gallagher

Cyber risk has risen to one of the top concerns across almost every business, as threat actors continue to attack organizations of all sizes and across industry sectors. As businesses increasingly depend on technology, require immediate access to data and rely on a cyber-secure vendor supply chain, the attack surface and the threat grow larger by the day. The construction industry epitomizes this reality. 

The Expanding Cyberattack Surface in Construction 

Construction-related businesses face the same fundamental cyber threats as other industries but have unique risks that are associated with specific tools they use for managing data, delivering services and systems control. These include: 

■ 3D Building Information Modeling (“BIM”) — building information models use computer-based files to support efficient decision-making for planning, design, construction and building operations and maintenance.
■ 5D BIM — provides an enhanced visualization and project-management platform. In the future, augmented- and virtual-reality technology will be added to allow offices and the worksite to collaborate in real time.
■ Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition Systems (SCADA) — monitor and control equipment and plant operations.
■ Drones — enable job site surveillance, surveying and access to previously inaccessible places.
■ Autonomous Construction Machinery — used for the remote navigation of excavators, bulldozers, backhoes and dump trucks for higher utilization rates and lower operator costs.
■ Robotics — deployment of robotics in bricklaying and road paving, to replace highly repetitive, systematic manual processes.
■ Biometrics — increasingly used to manage and control construction sites and projects, through access control to secure sites, on-site attendance reporting, health and safety, compliance and remote management of multiple workforces.
■ Cloud technology — the use of vendors to store data on behalf of the business.
■ Mobile devices — allow the highly decentralized construction industry to enhance collaboration at all stages of the construction process, including productivity tracking, report generation, document management, material logistics, inventory management and data analytics.
■ Internet of Things (IoT) — provides for remote operation of wearables and machinery, supply replenishment, tracking of tools and equipment and remote usage monitoring.

Cyberattacks in the Construction Industry

Several recent studies provide evidence that cyber threat actors have the construction industry in their crosshairs. According to a recent Forrester survey, more than 75 percent of respondents in the construction, engineering and infrastructure industries have experienced a cyber-incident within the last 12 months. Moreover, it is projected that cybercrime will cost businesses approximately $6 trillion per year on average through 2021.

Specifically, cyber risks expose construction businesses to:

■ Liability to third parties such as employees, clients and regulators arising from computer security failure and breach of private information.
■ The costs of dealing with the failure of security or breach of privacy, including notification, ransom payment, forensics, legal services, data restoration and lost income through business interruption.
■ Breach of confidential business information, through storing and sharing bid and project data/specifications, owner’s processes and project management.
■ Unauthorized access and interference with project plant, data and specifications in SCADA and Building Information Modeling (BIM).
■ Bodily injury and property damage through the failure of IoT, robotics and remote control of processes and physical security.
■ Liability for delay and business interruption caused by unauthorized access to project data and systems.

Transferring the Risk

Gallagher has worked closely with the cyber insurance market to develop tailored risk transfer solutions for businesses across all industry sectors, including the construction sector. While there is no standard cyber-insurance policy, there are some commonly offered coverages that are excellent mechanisms to save bottom line costs in the aftermath of a cyberattack. Other policies, including crime, property, liability, kidnap and ransom and errors and omissions, may also offer some limited coverage for cyber exposures. However, a standalone cyber insurance policy usually affords the most comprehensive coverage for cyber risks, while traditional insurance lines are increasingly tightening policy language to exclude cyber-risk-related costs.

FRM

John Liston, Area Senior Vice President, Construction, john_liston@ajg.com and Brian Cooper, Sr. Managing Director, US Construction Practice, brian_cooper@ajg.com both work for Gallagher, an insurance, risk management and consulting partner serving communities around the globe.

