News & Insights

Cyber security and the construction industry: what you need to know

Published 25 November 2016

With a string of high-profile data breaches making headline news across the world, no company appears to be immune from the threat of a cyber incursion. Apple, Sony, JP Morgan Chase, British Airways and the European Central Bank are among high-end corporates to fall victim to hackers or malware, while the Australian Census fail of 2016 was, officially at least, attributed to a cyber attack.

According to Norton, cyber crime cost the Australian economy more than $1.2bn in 2015. And while construction hasn’t typically been considered amongst the at-risk sectors, the exposures are very real. Why? Because client, contractor and staff details, confidential project information, intellectual property and financial data are stored online and routinely accessed by multiple parties on a variety of devices via the cloud.

This data has real value for increasingly sophisticated cyber criminals, who have a variety of means of exploiting system vulnerabilities, including hacking, malware, ransomware and distributed denial of service (DDoS) attacks. Although 46% of cyber attacks are malicious, human error, such as losing data or equipment, is also a major factor contributing to 27% of breaches*. It all adds up to a threat that no construction company can ignore.

construction industry cyber insurance

What are the consequences of a cyber breach?

Cyber security breaches can have a devastating financial impact on businesses. According to the latest research from IBM and the Ponemon Institute, the average total cost of a data breach to an Australian company is $2.64m. Amendments to the Privacy Act in 2014 also introduced the threat of fines of up to $1.7m to companies that breach sensitive customer data. Lost revenue through inability to trade could add to the virtual cycle of misery, too.

But cyber breaches can also have a negative impact on a business’s reputation, eroding customer trust that can take years to build. So what can you do to protect yourself?

5 steps to mitigating your cyber risk

Cyber insurance expert Peter Campbell, of CCF’s endorsed insurance broker Gallagher, says that a holistic approach to mitigating cyber risk should be top of every business’s agenda, and should consist of:

  1. developing a cyber breach response plan, with clearly designated leaders
  2. training and education for all staff on cyber security measures and responsibilities
  3.  creating a mobile device security policy
  4. adopting best practice information security procedures, including firewalls, virus protection, encryption and offsite data back-up
  5. taking out adequate insurance, including specific cyber liability cover.

“Cyber insurance is highly recommended, but it is a safeguard to limit the damage to financial compensation, it can’t stop breaches from occurring," said Campbell.

He recommends business owners speak to a cyber insurance expert as part of their risk mitigation strategy. “Levels of cyber insurance take-up in Australia are lower than they should be – largely because the threat has sometimes seemed nebulous, and the terminology has been hard to understand.

“However, businesses cannot afford to ignore this threat. It’s very real, it’s affecting Australian businesses every day and it’s only going to become more prevalent.”

*Ponemon Institute, 2016 Cost of Data Breach Study: Australia

 

Connect with an expertchevron-right

 

Further reading

Cyber insurance

Do I need cyber-liability insurance?


Construction contract works insurance ‒Victorian COVID-19 stop work orders
Construction | Article

Construction contract works insurance ‒Victorian COVID-19 stop work orders

22 September 2021
Construction contract works insurance ‒NSW COVID-19 stop work orders
Construction | Article

Construction contract works insurance ‒NSW COVID-19 stop work orders

21 July 2021
5 essential business risk guidelines for safely managing contractors
Construction | Article

5 essential business risk guidelines for safely managing contractors

08 April 2021