Laying Groundwork to Combat Cyber Threats To The Construction Industry

By Corvus Insurance —

Based on Corvus’s Threat Intel team data, the frequency of ransomware attacks on the construction industry increased 48% from 2022 to 2023. Encryption software firm NordLocker, in its latest report on cyber attacks, ranked construction as the number-one most-targeted industry.

This post will spotlight why construction firms are especially vulnerable and what they face today based on data from our Threat Intel findings. We’ll also look at what construction firms are doing right and how they can further safeguard against cyber risks.

Technological progress fans cyber flames

The construction sector, essential to the growth and maintenance of global infrastructure, is facing urgent cybersecurity challenges. Much is at risk: Financial accounts, business-sensitive information, and the intellectual property and data of employees and projects.

At the crossroads of cybersecurity risk and technological progress, the industry is experiencing sophisticated ransomware assaults interrupting operations and data breaches compromising critical project information.

The increasing use of Internet of Things (IoT) devices, such as connected sensors, drones, and wearable technology, introduces new cybersecurity threats. Many construction businesses have also adopted operational technologies such as supervisory control and data acquisition (SCADA) networks, building information modeling systems (BIMs), machine learning, and robotics, further expanding the attack surface. As new technologies become more prevalent in construction practices, the industry is grappling with ensuring the security of physical assets and digital infrastructure.

Adding to the challenge is the wide range of interconnected parties involved in construction projects, including suppliers, subcontractors, engineers, and architects. Every entity is a possible foot in the door for hackers looking to breach security, steal confidential data, or interfere with regular business activities.

Many construction firms and contractors underestimate their cyber risk. They are unaware that they frequently serve as a point of entry for hackers looking to target more profitable targets — a builder’s clients.

The cyber threat landscape for construction

For years, the construction industry enjoyed a sense of security, seemingly immune to cyberattacks, as suggested by a research paper by the Association of General Construction of America in 2021. However, this perception has been shattered. A 2023 survey from Dodge Construction Network and content security company Egnyte reports that 59% of firms experienced a cybersecurity threat within the last two years, a stark departure from the past. Yet the same survey shows that most of the industry isn’t prepared for a cyberattack.

Alarming consequences, lack of readiness

Successful attacks have dire consequences, with 77% of respondents in the Dodge-Egnyte survey saying they would experience critical schedule delays if access to documentation were blocked for more than five days. But ransomware attacks typically take much longer to resolve than that. Data from Statista points out that the average length of interruption after ransomware attacks in the United States was 24 days as of the second quarter of 2022.

A Travelers Companies survey notes that construction businesses aren’t well-prepared to mitigate cyber risks; 87% of construction business decision-makers rely on technology functioning properly so their business can operate, but 40% believe their business is becoming somewhat riskier each year. Only 20% say they are knowledgeable about the cyber issues that could harm their companies. And only 30% have a business continuity plan to help them survive and recover from a cyberattack.

Read More

Read on about the real-life impact of cybercrime and positive mitigation steps we have observed at CorvusInsurance.com.

Even as the industry improves at preventing and mitigating cyberattacks, threat actors will continue to invent new strategies and tactics. That’s why, at Corvus, we want to partner with construction firms to help manage the risks they face. Our underwriters have the necessary cyber expertise and real-time data insights to meet the construction sector’s needs.

It’s now easier than ever for the construction industry to add an experienced, committed cyber insurance partner to the blueprint: Learn more about the broad policy language, competitive terms, and endorsements we offer for the construction industry.

About Corvus

Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance®, Smart Tech E+O™, and Smart Cargo®. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the US, Middle East, Europe, Canada, and Australia. Current insurance program partners include AXIS Capital, Crum & Forster, Hudson Insurance Group, certain underwriters at Lloyd’s of London, R&Q Accredited, SiriusPoint, and Skyward Specialty Insurance. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the US, in the UK, and Germany. For more information, please visit www.corvusinsurance.com.

Source: Corvus Insurance