Contractors working on major construction projects are increasingly working digitally. And while that creates worksite efficiencies, it also opens physical sites up to cyber risks that never used to exist behind the chain-link fences onsite.
“During my time of visiting worksites, I’m seeing that sites are changing. It’s moving around. The risks are [now] beyond the fence line,” said Pete Wilcox, Travelers
construction segment lead. “It’s not just about pounding nails and pouring concrete [anymore], and businesses need to be aware of these risks that are outside of that fence.
“It’s no longer about a foreman looking at a set of blueprints over a plan table. There’s so much collaboration going on now in the cloud between building information modelling, virtual design, and the fabrication that’s occurring offsite. There are so many more businesses and entities that are involved in the project, away from the project.”
Celebrate excellence in insurance. Nominate a worthy colleague for the Insurance Business Awards!
Wilcox said he started thinking about “borderless” construction sites a few years ago, when he started noticing large numbers of iPads in site offices. The potential risks that hacking could present to large building projects are obvious, he said.
“All this is now out there, whether it’s in the cloud or a server, and can plans be changed, or lost even, and not be recoverable? It’s something everyone needs to start thinking about, I think, in our changing space of construction,” he explained.
Tim Francis, Travelers
enterprise cyber lead, said people don’t always consider the myriad of ways businesses can be affected through a cyber breach – but they need to start.
“If people think of cyber risk at all, and often they don’t, they tend to think of it in the context of the large data breaches that have made the news,” he said. “But that doesn’t necessarily easily translate to a contractor. What we’ve seen across multiple industries is the rise of ransomware [and], in many cases, it isn’t an attempt to extract personally identifiable information, it’s simply to lock up computer systems. That can disrupt a business.
“Quite simply, if a contractor can’t use their technology to order supplies, to communicate with their field workers, that really can put a damper on the business and there could be substantial loss just trying to figure out how to get the data back, how to access the plans. Often that expense can be considerable – in the tens and hundreds of thousands of dollars.”
It’s not just business interruption, though, where hackers could cause trouble. At the more sinister end of the spectrum, criminals could access, change or steal plans. On a massive construction project, changes to plans could be disastrous, costly, and dangerous.
“Because of the interconnectivity of devices, there is inevitably an opportunity for someone to exploit that access for either the purposes of making money or creating mischief,” Francis said.
“You can envision all sorts of scenarios in which people are able to access plans, and if they’re able to alter them, or simply access them and review security schematics, that creates a number of exposures that you might not otherwise anticipate.”
Construction contractors face growing cyber threats
Cyber coverage starting to catch on in construction