Cyber risks in the construction industry


Construction output in the UK is more than £110 billion per annum and contributes 7% of GDP [1]. It’s a hands-on industry: building infrastructure, mining, quarrying, forestry, supply of products, as well as maintenance and disposal, for both business and individual clients. So you might be surprised to hear that an industry that constructs so much offline faces significant risks online.

According to UK government statistics, in 2015, 15% of construction business premises were affected by online crime. That means 1 in 6 construction firms [2]. A study from The Home Office from that same year shows there were 77,000 incidents of online crime against construction companies, of which 71% were computer viruses and 10% were hackers [3].

Construction industry data is more valuable than you think.

Think about your company client base, the current, past and future projects, and all the information you hold. ‘The leaking of market-sensitive information, intellectual property or other confidential information could have serious financial consequences for your business.’ [4]

One of the most publicised and embarrassing security breaches came back in 2013, when hackers believed to be working from China stole a construction company’s blueprints for the building of the new Australian Security Intelligence Headquarters. [5]

It isn’t just hackers you need to protect yourself against, either. Employees, consultants and contractors could all introduce an element of risk when it comes to a data breach. Don’t forget, it is a legal requirement to ensure that all data is held securely and is used in the correct way.

GDPR and Construction

It is important to understand the GDPR (General Data Protection Regulation) and what it means to your business. As the construction industry faces a migration towards more digitalised, integrated and complex systems, the potential impact and risk to the data being held by companies is increasing.

GDPR is coming. In an effort to make sure companies are doing everything they can to protect their data, this EU legislation is coming into force from May 2018 and companies need to be ready. It brings penalties of up to €20 million or, if higher, 4% of total revenues for those who don’t comply.

Building a safer cyber environment

Keeping systems up to date, having back-ups, securing Wi-Fi, installing anti-virus and building an internal policy to educate staff all help to reduce risk. Perhaps start by having a frank discussion with your IT support provider to ensure you are doing everything you can.

Here are a few more tips to help protect your business:

  • Consider getting the ISO 27001 certification, which proves you are following the necessary security policies and procedures. [6]
  • Make sure your finance team are well trained and on the lookout for phishing scams.
  • If you have multiple connected users, make sure you install a privileged account security solution on each device. It will help to reduce your chances of sensitive data being accessed. It also makes it easier to control should a device be mislaid or stolen.
  • Install software that provides real-time protection and automatically receives the most up-to-date malware definitions. [7]
  • ‘Prepare a plan for how the business will respond to an incident.’ [8]

Why not get in touch with your HETAS Insurance team on 08455 085 734 to see how they can help you?


HETAS Ltd is an introducer appointed representative of Jelf Insurance Brokers Limited. Hetas Insurance Services is a trading name of Jelf Insurance Brokers Ltd (Reg No. 0837227), which is part of Jelf Group plc (Reg No. 2975376) and is authorised and regulated by the Financial Conduct Authority (FCA).  Registered address: Hillside Court, Bowling Hill, Chipping Sodbury, Bristol BS37 6JX (Registered in England and Wales). Not all products and services offered are regulated by the FCA. JIB226.09.17












