As Australian construction companies adopt new technologies that enable greater efficiencies and project oversight, these same digital tools also expand their potential cyber attack surface, enabling criminal hackers to target their businesses. Our Gallagher cyber insurance experts examine how construction businesses can navigate the risks and challenges for the sector.
The use of technologies enabling accessing information, such as the internet of things (IoT), electronic blueprints, client databases and communication systems, also makes sensitive business information vulnerable to security breaches.
The Australian Construction Industry Forum has recognised and warned the industry it is a growing target for cyber criminals, threatening businesses' ability to keep construction projects on time and on budget1.
In its annual cyber threat report the Australian Signals Directorate (ASD) indicated that in the 2022‒23 financial year cyber incidents reported by critical infrastructure projects increased by 50% from the previous year2. The ASD reported that most incidents were characterised as low-level malicious attacks or isolated compromises.
About 57% involved compromised accounts or credentials; compromised assets, networks or infrastructure; and denial of service attacks, with an average cost of $46,000 for a small business, $97,200 for a medium-sized business and $71,600 for a large business3.
Construction industry data is extremely valuable and remains a high priority target for hackers. Data privacy and security is a key area of vulnerability as construction projects involve holding sensitive information, such as architectural plans, financial information and personal details of workers.
Data breaches can result in:
A construction company's network is hacked, enabling cyber criminals to encrypt critical project management files and demand a ransom for the decryption key.
The business's cyber security cover provides for engaging the services of a cyber incident response team to negotiate with the hackers to release the files, and also covers associated costs such as forensic investigation into system vulnerabilities, legal expenses (where third parties are involved) and potential business interruption losses.
A construction company's accounts payable clerk receives an invoice that appears to be from a regular vendor requesting a change in payment details for an upcoming project. Recognising the trusted business partner, the clerk actions the request which is in fact from a criminal hacker who has spoofed the sender's identity.
With cyber insurance the business can make a claim for stolen funds and access help with investigating the incident and implementing stronger security measures.
Cyber attacks can involve significant costs and down time for construction businesses, with the potential to derail projects. Cyber insurance can help cover expenses involved and provide access to expert help, from ransom negotiation to damage control.
Is your business protected against from these cyber breach exposures?
Cyber risk mitigation advice and cyber insurance cover can help businesses address vulnerabilities and cover the costs involved with these exposures.
The Gallagher cyber risk management approach to due diligence specifically helps our clients identify and prioritise key cyber risk concerns.
Our process is designed to understand current exposures and threats through an assessment of your cyber risk, which includes:
In addition to cyber insurance protection, Gallagher offers expertise, advice and resources for building business resilience to withstand cyber security incidents.
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.
Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312
