Contractors are not immune to losses arising from cyber attacks and malicious computer activity. According to a report from SecurityScorecard:
“The focus of malicious actors on the construction industry is expected to increase significantly within the coming years as construction firms begin standardizing the integration of ‘smart’ devices and IoT devices such as thermostats, water heaters, and power systems…These new IoT devices will create a larger attack surface that previously did not exist.” i
Although contractors generally handle or maintain limited amounts of personally identifiable information, they do maintain such information for employees and also often have access to third party (project related) information that may be considered sensitive by the project owners.
It is also worth noting that construction firms are increasingly relying on computers and computer systems to estimate costs, as well as to submit bids on potential contracts.
Specific concerns for construction firms include:
• Ransomware: Ransom expenses or the cost to repair/recreate data damages by a ransomware may be significant;
• eCrime: All types of firms are targets for wire transfer fraud schemes based on business email compromise or social engineering schemes; and,
• System outage: An extended outage of a computer system may result in significant extra business expenses or an inability to produce cost estimates or bids on job opportunities.
Wire Transfer Fraud & Theft of Money averaged $179K in breach cost .ii
In 2017, the average total breach cost was $394K, and the median total breach cost was $56K. iii
Companies with less than $50M in revenue were the most impacted, accounting for 47% of cyber insurance claims. iv
• Employee training and dual-method authentication for wire transfers
• Dual authentication for remote systems access
• Timely installation of computer software updates (a.k.a. “patches”)
• Regular back up of systems and data
• Restriction of administrative privileges on all work stations and computer servers.