It is acknowledged that cybersecurity breaches can be extremely harmful to construction enterprises of all sizes. Not only can they result in cash flow and intellectual property implications, but breaches can seriously undermine a company’s reputation and its relationships with suppliers.
Australian multinational general insurance and reinsurance company QBE Insurance Group Limited has released its 2024 Commercial Construction Risk Report, a compilation of data gathered this past March from 500 commercial general contractors and construction managers across the United States.
The report ranked and discussed key industry risks, such as the skilled labour shortage, interest rates, supply chain disruptions, material cost increases and cybersecurity.
Cybersecurity came out on top among survey respondents as their single most worrisome concern. In addition, cybersecurity was also named the top risk for which respondents felt least prepared.
“This issue is particularly true for mid-sized construction companies, which often operate with less financial capacity than their larger counterparts,” the report said.
“Such companies may not have the resources to address certain exposures or the financial reserves to absorb the disruption and significant losses caused by some risks.”
QBE notes while the industry has been reliant on decades-old and well-entrenched processes, there has been an evolution in recent years towards increased innovation through digitization.
Survey respondents mentioned technologies they felt could be valuable to them going forward. These included wearables such as smart boots, hard hat helmets and watches, power gloves, and augmented reality glasses.
However, QBE notes, “while innovation creates opportunities, it also introduces risks.”
In fact, the nature of construction itself also creates a level of vulnerability not seen in other major industries.
Kelly Butler, cyber practice leader with international insurer Marsh McLennan, identifies four key reasons why construction is particularly susceptible to cyber-attack: rapid digitization of the industry; the growth of autonomous and robotic equipment; a traditionally transient workforce; and the many “building blocks” and collaborative entities that come together to form a project.
“The high degree of industry collaboration is a critical element,” says QBE. “This environment creates additional vulnerabilities and opportunities for cyberattacks, especially as these companies may have varying levels of training regarding cybersecurity best practices.”
This emphasizes the importance of educating the company workforce of the risks to be confronted every day, a message repeated by numerous insurance companies and business consultancies over recent years.
That’s because cyberattacks and security breaches can start innocuously.
The Canadian Construction Association (CCA) says 80 per cent of breaches begin with a malicious link in an email.
QBE joins the chorus.
“Employees need to know how to recognize potential cyber threats and how to report them. Companies should work closely with their IT support to identify vulnerabilities, and regularly update software and operating systems. Educating and training employees on cyber hygiene is the first step in building a human firewall of defense.”
Butler suggests construction companies combine internal corporate risk management programs with comprehensive insurance coverage.
However, while cyber insurance has become a critically important safety net in recent years, developing the required complementary risk management program could be a challenge for many small and medium-sized construction companies.
Writing for the CCA, John Frainetti, cybersecurity director at Calgary-based Graham Management Services LP, suggests the construction industry extend its well-developed culture of health and safety to digital and cyber safety.
Terms such as, “near misses,” “leading indicators” and “hazard identification” should be familiar to employees across companies both large and small, he says. This would help to build understanding of the importance of cybersecurity for the company’s well-being.
Like QBE, Frainetti also acknowledges the high degree of collaboration required in construction.
He suggests construction companies recognize both the shared risks and the possible solutions across their project partnerships. This is particularly important for businesses that lack the financial resources to do battle on their own.
“Don’t be afraid to share information and to ask for help. There is a lot of good information out there on best practices to follow that can help small businesses.”
John Bleasby is a Coldwater, Ont.-based freelance writer. Send comments and Inside Innovation column ideas to editor@dailycommercialnews.com.
Recent Comments