________________________________________________________________________________________________________________________
The construction industry has not traditionally been associated with cybersecurity concerns because of the misguided perception that it handles and stores limited personal and sensitive information . However , regardless of the industry , a cybersecurity threat can expose all of a company ’ s digital assets , including proprietary business plans , acquisition strategies , employee and client data , and other confidential information . The construction industry is not immune to these data security concerns and is also faced with arguably even more data at risk given its heavy dependence on third parties , including subcontractors and offsite manufacturing vendors . The personally identifiable information ( PII ) and , where relevant , the protected health information ( PHI ) of employees , contractors , and third parties that is collected , stored , and shared during construction projects provides ample opportunity for intrusion across multiple working streams and transactions ; the advancement of digital project management solutions such as building information modelling ( BIM ) renders this data more immediately exploitable .
Cybersecurity controls
Exposure of proprietary construction plans and designs , facilities security information , and other valuable interpersonal property ( IP ) also poses a physical security risk to a construction project ’ s success and longevity . No matter the type of confidential information , a data compromise can severely interrupt the building process and cause potential delays on project sites , ultimately harming the company ’ s reputation .
In addition to misperceptions around the amount of sensitive personal information and business data handled by construction companies , the construction industry is notoriously slow in keeping up with relevant privacy and security regulations . This is due to several factors :
• Most project costs are incurred by contractors , who are trying to reduce overhead costs . Effective and meaningful technology and software implementation and the accompanying data privacy and security compliance require a dedicated corporate resource , which eats into a contractors ’ profitability .
• Construction projects are schedule driven – delays to the project schedule costs money . Implementing and monitoring compliance with policies and procedures can take a tremendous amount of time on the part of the contractors . With tight schedules and shrinking profit margins , contractors can be slow to implement required processes , especially if compliance requires additional personnel .
• The intrinsic culture and resistance to change that exists within the industry can make it difficult to embrace the associated challenges that come with new technologies and processes if international standards are not used as guidance .
In addition , the industry is largely unregulated , which has contributed to a lack of preparedness and the tendency to overlook critical data governance initiatives . In 2021 , a report by IBM Ponemon found that 74 percent of organizations within the construction industry are not prepared for cyber-attacks and do not have an incident response plan in place .
Among the biggest cybersecurity risks facing the construction industry are ransomware and data theft . Although construction companies have continued to adopt and rely upon next-generation
14