Cyberattacks are increasing in the construction industry. These attacks can shut down business operations, cause reputational damage and result in costly litigation and fines.
Background
The construction industry is an appealing target for cybercriminals. This is due to a number of factors, including:
Reduced cyber preparedness—The construction sector remains largely unregulated with regard to cybersecurity and privacy. As a result, cyber preparedness hasn’t been prioritized by many in the industry. In fact, according to an IBM study, 74% of construction organizations aren’t prepared for a cyberattack.
More desirable data—Construction firms store large amounts of sensitive business data and personal information, making them lucrative targets for cybercriminals. If this data is improperly accessed, it may result in reputational damage, regulatory fines and related lawsuits.
Increased adoption of technology—Many of the devices used by construction companies to increase workplace efficiencies (e.g., asset tracking, machine control and worksite security) are vulnerable to cyberattacks.
Elevated third-party exposures—Construction companies frequently work with multiple vendors or third-party contractors, increasing their cyber exposures. After all, a data breach within any one of these partnered companies could result in widespread cyber losses.
Advisen data shows cyber losses in the construction industry have risen since 2010, with the most dramatic increase occurring in 2020. The decrease in 2021 is likely due to a data lag and therefore may not be representative of an actual decline in cyber losses.
The spike in 2020 may be partially due to an increase in cyberattacks overall. According to the FBI, cyberattacks increased 400% in 2020.
Top Cyberthreats
Cybercriminals use a variety of methods to attack construction enterprises. Here are the most common types of cyber losses in construction:
Unauthorized contact or disclosure is the most common type of cyber loss in construction, accounting for 44% of recorded losses. These losses include any event in which information is exposed to unauthorized parties. Malicious data breaches and ransomware attacks account for 30% and 10% of the remaining cyber losses, respectively.
While ransomware attacks currently only represent the third-most frequent type of cyber loss in construction, such attacks are a growing concern. In fact, a recent survey found construction was the top industry targeted by ransomware in 2021.
Cyberattacks in the construction industry most frequently originate from attacks on company servers, according to Advisen data. Telephone communications and emails are the second- and third-most frequent sources of cyber losses in the construction industry.
Personal identifiable information (e.g., names, Social Security numbers and driver’s license numbers) are targeted in 60% of cyberattacks in the construction sector. Personal financial information and personal health information are targeted in 36% and 4% of cyberattacks in the industry, respectively.
Notable Losses
Notable cyberattacks on construction enterprises in Advisen’s database include:
Bird Construction—In 2019, Bird Construction was allegedly targeted by MAZE cybercriminals. The hackers stole 60 gigabytes of data, including Social Security numbers, banking details, names, email addresses and health information.
Bouygues Construction—In 2020, cybercriminals allegedly breached the server of Bouygues Construction. As a result, the entire company network was shut down. The cybercriminals allegedly stole 200 gigabytes of data and demanded a $10 million ransom.
Between response costs, potential ransom payments and associated fines, cyberattacks can quickly cost millions of dollars in damage.
Risk Mitigation Strategies
Although cyberthreats are prevalent, there are steps construction companies can take to minimize their risks. Here are some strategies for companies to consider:
Conduct training. Educate employees on how to recognize potential cyberattacks. Provide clear instructions for employees to follow if they believe a cyberattack has occurred.
Prioritize supply chain management. Identify the risks of working with external organizations. Consider creating legal contracts with contractors and third-party businesses to address cyber risk management.
Have a plan. Develop and practice a cyber incident response plan. This should include identifying an internal and external response team, clarifying roles and responsibilities of key team members, and anticipating critical business continuity measures and workplace safety issues.
Purchase proper insurance. Speak with a trusted insurance professional to secure sufficient coverage for cyber losses.
Conclusion
Cyberthreats have become increasingly common among construction enterprises. As such, proper risk mitigation strategies are necessary to reduce the risk of costly cyberattacks. For more information on reducing cyber risks, contact us today.
Gulfshore Insurance is a Naples, Florida based insurance agency specializing in business insurance including liability insurance, property insurance, workers compensation insurance, vehicle insurance, business income interruption insurance, cyber insurance, commercial umbrella insurance, and more. Our insurance and risk management advisors are industry specialists for condominium associations, golf and country clubs, oil and petroleum marketers, construction, landscaping, churches and non-profits, and work comp. Navigating insurance requires an experienced and trusted insurance agent who understands your business risks and exposures. Gulfshore Insurance services Naples, North Naples, Marco Island, Bonita Springs, Fort Myers, Sarasota, Lido Beach, Longboat Key, Bradenton Beach, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.
As we enter the hottest months of the year, it is important to plan ahead for work-related heat exposure and the potential for heat-related illness among workers. Heat stress and heat strain can increase the risk of workplace injuries. Workers in a wide variety of industries are exposed to hot environments during work and are at risk for heat-related illness. A recent study identified public administration (35% of the total cases); agriculture, forestry, fishing, and hunting (13%); and construction (8%) as industry groups with the highest number of heat-related illnesses. Younger workers and male workers were at greater risk than other demographic groups. This study also found that 9% of heat-related illness cases happened to new workers within two weeks of hire.
Many workplace controls are available to minimize heat-related illness among workers. A complete heat stress program for the workplace should include assessing the risk, limiting heat exposure, reducing metabolic heat load, acclimating workers, encouraging hydration, and providing periodic training for heat stress and heat-related illness. Workplace-based educational programs have been shown to improve workers’ knowledge about heat illness; training has been identified as a central part of a heat stress educational program to decrease heat-related illness among outdoor workers.
When providing heat stress education and training, consider your workers and what delivery methods might work best.
Employers should provide heat stress training for all workers and supervisors on the following:
Recognizing the signs and symptoms of heat-related illnesses and administration of first aid.
Causes of heat-related illnesses and the procedures that will minimize the risk, such as drinking enough water and monitoring the color and amount of urine output.
Proper care and use of heat-protective clothing and equipment and the added heat load caused by exertion, clothing, and personal protective equipment.
Effects of non-work factors (such as drugs, alcohol, obesity, etc.) on ability to adapt to occupational heat stress.
The importance of acclimatization.
The importance of immediately reporting to the supervisor any symptoms or signs of heat-related illness in themselves or in coworkers.
Procedures for responding to symptoms of possible heat-related illness and for contacting emergency medical services.
In addition, supervisors should also be trained on:
How to implement appropriate acclimatization.
Procedures to follow when a worker has symptoms consistent with heat-related illness, including emergency response procedures.
Monitoring weather reports and responding to hot weather advisories.
Monitoring and encouraging adequate fluid intake and rest breaks.
Gulfshore Insurance is a Naples, Florida based insurance agency specializing in liability insurance, property insurance, workers compensation insurance, vehicle insurance, business income interruption insurance, cyber insurance, commercial umbrella insurance, home and homeowners insurance, car and auto insurance, boat and yacht insurance, property insurance, umbrella insurance, valuables insurance for fine art, jewelry, wine, and more. Navigating insurance requires an experienced and trusted insurance agent who understands your business risks and exposures. Gulfshore Insurance services Naples, North Naples, Marco Island, Bonita Springs, Fort Myers, Sarasota, Lido Beach, Longboat Key, Bradenton Beach, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.
Gulfshore Insurance is a Naples, Florida based insurance agency specializing in business insurance including liability insurance, property insurance, workers compensation insurance, vehicle insurance, business income interruption insurance, cyber insurance, commercial umbrella insurance, and more. Our insurance and risk management advisors are industry specialists for condominium associations, golf and country clubs, oil and petroleum marketers, construction, landscaping, churches and non-profits, and work comp. Navigating insurance requires an experienced and trusted insurance agent who understands your business risks and exposures. Gulfshore Insurance services Naples, North Naples, Marco Island, Bonita Springs, Fort Myers, Sarasota, Lido Beach, Longboat Key, Bradenton Beach, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.
The National Council on Compensation Insurance (NCCI) recently delivered its annual workers’ compensation insurance rate filing to the Florida Office of Insurance Regulation.
Based upon its review of the most recent data available, NCCI has proposed an overall average rate level decrease of 5.7 percent, effective January 1, 2021 in Florida.
To view NCCI’s Overview of the proposed rate filing, click here.
Ryan Schmidt is a Client Advisor and Partner with Gulfshore Insurance. Ryan specializes in working with commercial clients. Comments and questions are welcome at rschmidt@gulfshoreinsurance.com.
Gulfshore Insurance is a Naples, Florida based insurance agency specializing in business insurance including liability insurance, property insurance, workers compensation insurance, vehicle insurance, business income interruption insurance, cyber insurance, commercial umbrella insurance, and more. Our insurance and risk management advisors are industry specialists for condominium associations, golf and country clubs, oil and petroleum marketers, construction, landscaping, churches and non-profits, and work comp. Navigating insurance requires an experienced and trusted insurance agent who understands your business risks and exposures. Gulfshore Insurance services Naples, North Naples, Marco Island, Bonita Springs, Fort Myers, Sarasota, Lido Beach, Longboat Key, Bradenton Beach, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.
With stay at home and shelter in place restrictions beginning to lift, construction companies are faced with difficult questions that must be addressed as they transition back to normal operations, such as: How can we protect our employees, third-parties, and projects from the disease? First and foremost, we encourage you to create a return to work action plan.
The following tips can help reduce the risk of exposure:
Complete a task-based risk assessment/mapping of the project site to determine best strategies for social distancing of at least 6 feet, and ensure staff have face coverings.
To the extent tools or equipment must be shared, provide and instruct workers to use alcohol based wipes to clean tools before and after use. When cleaning tools and equipment, workers should consult manufacturer recommendations for proper cleaning techniques and restrictions.
Keep in-person meetings (including toolbox talks and safety meetings) as short as possible, limit the number of workers in attendance, and use social distancing practices.
Eliminate non-essential visits, such as job tours, vendor demos, etc.
Clean and disinfect portable jobsite toilets regularly. Hand sanitizer dispensers should be filled regularly. Frequently-touched items (i.e., door pulls and toilet seats) should be disinfected.
If an employee tests positive for COVID-19 there are actions you can take to protect other employees, clients, and your business:
Cleaning and disinfecting should be done immediately by trained personnel and they must wear appropriate Personal Protective Equipment (PPE), including face coverings and dispose of gloves after use and wash hands and face when complete.
Visibly dirty surfaces shall be cleaned using a detergent or soap and water PRIOR to disinfection.
For disinfection, diluted household bleach solutions, alcohol solutions with at least 70 percent alcohol, and EPA-registered disinfectants on List-N should be effective. The CDC recommended bleach solution mixture for cleaning can be found here.
Consider wearable technology such as proximity devices worn on hard hats or wrist bands to monitor employee physical distancing and tracing of contacts.
PPE: for close contact activities that cannot adjust for physical distancing, consider providing enhanced PPE or a face shield with a face covering while fully considering all the potential OSHA requirements.
Please note: Construction companies and vendors should continually monitor global (World Health Organization WHO), federal (CDC), state, and local guidelines for changes in recommendations, disinfection strategies, worker protections and other best management practices.
We use cookies to personalize and enhance your experience on our site. Visit our Privacy Policy to learn more. By using our site, you agree to our use of cookies, as well as our Privacy Policy and Terms of Use.I AGREE
As we enter the hottest months of the year, it is important to plan ahead for work-related heat exposure and the potential for heat-related illness among workers. Heat stress and heat strain can increase the risk of workplace injuries. Workers in a wide variety of industries are exposed to hot environments during work and are at risk for heat-related illness. A recent study identified public administration (35% of the total cases); agriculture, forestry, fishing, and hunting (13%); and construction (8%) as industry groups with the highest number of heat-related illnesses. Younger workers and male workers were at greater risk than other demographic groups. This study also found that 9% of heat-related illness cases happened to new workers within two weeks of hire.
The National Council on Compensation Insurance (NCCI) recently delivered its annual workers’ compensation insurance rate filing to the Florida Office of Insurance Regulation.
