Skip to main content

Connector - Winter 2022

Page 16

MANAGEMENT

By David DeSilva and Anthony Dolce

Cyber Security for Construction Understanding the risk and protecting your company

T

he time when cyber risk was mostly a data breach-related issue is over. With the explosion in ransomware attacks, business email compromises, fraud and stolen credentials, cyber is now everyone’s risk. And as it continues to increase, construction companies have become a target.

Ransomware: The No. 1 Cyber Threat The construction industry may not seem like an obvious target of cyber criminals compared to industries like health care, retail or technology – but that’s changing. Earlier this year, Canadian contractor Bird Construction and French contractor Bouygues Construction were both hit by ransomware attacks. Ransomware attacks often focus on companies that will be immediately impacted by the disruption caused by the attack. Construction companies are likely being targeted because of their limited

awareness of cyber risks and their lack of cybersecurity. In addition, ransomware can cause a substantial interruption to the complex supply chain of construction projects. And as attacks become more sophisticated, ransom demands have gone up dramatically. In fact, it’s not uncommon to have ransom demands in the range of several millions of dollars – that’s on top of the interruption loss incurred even when the ransom is paid.

Business Email Fraud A unique feature of the construction industry is the extensive use of sub-contractors and suppliers, which involves a high degree of payments flowing to and from construction companies. Additionally, construction projects are often part of a public bidding process. The details in this process include information about the project and the winners. This makes construction companies an attractive target for business email compromise fraud. This

is a deception scam where cyber criminals send fraudulent email messages disguised as legitimate invoices or wire transfer requests. The money is then transferred to the criminal’s account instead of the actual payee. In 2019, almost 24,000 of these incidents were reported to the FBI for a total of $1.8 billion in stolen funds. Many times, contractors have open data connections with their customers for things like electronic bill paying and project management. When these connections are linked to their customers’ other important systems, it creates an environment for cyber attackers who’d like nothing more than to steal as much information as they can. And once they have the contractor’s credentials, those cybercriminals can take valuable information from the contractor’s customers.

Protecting Your Company Everything has to start with cyber risk awareness and understanding what the

David DeSilva is head of Construction for The Hartford’s Middle and Large Commercial division. He is an experienced construction underwriter with capabilities in workers’ compensation, general liability, and excess lines of coverage for contractors and subcontractors. Anthony Dolce is Head of Professional Liability for The Hartford. He manages multiple underwriting groups that handle a variety of lines of business including miscellaneous professional liability, architects and engineers, cyber and technology errors and omissions. With over 20 years of experience in specialty coverages for the financial industry, he is also an attorney with a focus on insurance coverage and commercial litigation.

16 | THE STEEL ERECTORS ASSOCIATION OF AMERICA


Turn static files into dynamic content formats.

Create a flipbook
Connector - Winter 2022 by Connector, The Official Publication of SEAA - Issuu