News & Insights

Cyber risks in construction industry Gallagher AU 2022 report

Published 27 April 2022

Businesses in the Australian construction sector should be aware that the industry presents expanding attack opportunities for cyber criminals, our Gallagher leaders warn in this new report. 

Roger Irvine, Head of Construction, Australia and Asia, and Cyber/Technology Practice Leader Robyn Adcock collaborated on the report Cyber Risk Extends to All Industry Sectors: Impacts to the Construction Industry to provide a combined analysis of industry exposures and guidelines to risk mitigation.

Click here to download the report 

The growing cyber threat to the construction industry

Cyber threats are increasing in frequency, scope and cost. According to the Australian Cyber Security Centre (ACSC) in the 2020‒21 financial period there were over 67,500 cyber crime reports, with losses exceeding $33 billion. 

Ransomware attacks increased almost 15% over the previous financial year. With an average down time of 23 days, this threat has the potential to shut down access to critical data, leading to construction project delays that bleed out to contractors, subcontractors and other key players involved.

Hackers also employ social engineering schemes to trick employees into funds transfer fraud by impersonating senior management and key vendors through sophisticated business email compromise (BEC) tactics.

The expanding cyber attack opportunities to beware of in construction

While construction businesses are subject to the same cyber threats as other industries, attacks on supply chains that flow on to potentially thousands of related contacts. The unique exposures associated with specific tools used for managing data, delivering services and systems control have been identified as higher impact cyber risks in the construction sector.

These construction sector practices that also represent cyber risks include

  • 3D building information modelling (BIM)
  • 5D BIM
  • industrial control systems (ICS) and supervisory control and data acquisition systems (SCADA)
  • drones
  • autonomous construction machinery
  • robotics
  • biometrics
  • cloud technology
  • mobile devices
  • internet of things (IoT).

Compromise of these cyber risks expose construction businesses to

  • liability to third parties
  • associated costs of cyber breaches
  • compromise of confidential business information
  • unauthorised access to project plant, data and specifications
  • injury or damage to people and property
  • liability for delay and business interruption. 

Download the full report to learn about the 4 key areas of a cyber insurance risk solutions to improve vulnerability and impact of cyber risk in the construction sector.

Get expert construction sector cyber security advice

Contact Gallagher to gain construction or cyber expertise for cyber risk management guidance and assistance with tailoring cyber insurance cover to business and operations. 

Further reading


Construction insurance

Find out morechevron-right

Cyber insurance

Find out morechevron-right
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective.
Principal arranged contract works insurance can help retain critical cover
Construction | Article

Principal arranged contract works insurance can help retain critical cover

22 March 2022
Insuring commercial construction risks –what to be aware of
Construction | Article

Insuring commercial construction risks –what to be aware of

24 February 2022
Construction contract works insurance ‒Victorian COVID-19 stop work orders
Construction | Article

Construction contract works insurance ‒Victorian COVID-19 stop work orders

22 September 2021