Gallagher sounds alarm on rising cyber threats in construction sector

As Australian construction companies increasingly adopt digital technologies to enhance operational efficiency and project management, they are also exposing themselves to greater cyber risks, according to Gallagher.

The brokerage giant’s cyber insurance experts are raising awareness about these risks and offering strategies for construction businesses to safeguard against potential cyber threats.

New technologies in construction industry increase cyber exposures

In its latest blog, Gallagher noted that construction firms are experiencing enhanced productivity, thanks to the integration of digital tools such as the Internet of Things (IoT), electronic blueprints, and client management systems. However, these technologies also increase the construction industry’s vulnerability to cyberattacks.

The Australian Construction Industry Forum identified the sector as a growing target for cybercriminals, emphasising the potential for cyber incidents to disrupt project timelines and budgets.

Meanwhile, the Australian Signals Directorate (ASD) reported a 50% rise in cyber incidents within critical infrastructure projects during the 2022-23 financial year. These incidents were primarily categorised as low-level attacks or isolated system compromises.

According to the ASD, 57% of these attacks involved compromised accounts, denial of service, or compromised infrastructure, with the average financial impact being $46,000 for small businesses, $97,200 for medium-sized enterprises, and $71,600 for larger companies.

Common cyber threats facing the construction industry

According to Gallager, cyber threats that are relevant to the construction sector include:

• ransomware
• social engineering or fraud
• system failures caused by errors in newly implemented systems, with the latest outage impacting 8.5 million devices, according to Microsoft
• human error, which accounted for 30% of notifiable data breaches from July to December 2023, according to the Office of the Australian Information Commissioner (OAIC)
• insider threats

Why construction firms are at risk

Gallagher said that the sensitive nature of data managed by construction firms makes them attractive targets for cybercriminals. Projects typically involve detailed architectural plans, financial records, and personal information about workers, all of which can be exploited if not adequately protected.

Breaches can result in unauthorised access to client data, ransomware attacks, and operational disruptions.

The role of cyber insurance in mitigating risks in the construction industry

Given the potentially severe financial impact of cyber incidents, cyber insurers and brokers are encouraged to remind construction businesses about the importance of making cyber insurance a part of their risk management strategy.

“Cyberattacks can involve significant costs and down time for construction businesses, with the potential to derail projects. Cyber insurance can help cover expenses involved and provide access to expert help, from ransom negotiation to damage control,” Gallagher said.

The brokerage emphasised a thorough approach to managing cyber risks, which includes:

• conducting assessments to identify critical assets and potential vulnerabilities
• enhancing security governance and improving incident detection and response capabilities
• modelling the financial impact of potential cyber incidents
• considering insurance as a risk transfer solution to protect the balance sheet

These cyber risks come on the back of ongoing supply chain disruptions facing the Australian construction industry