The construction industry is no stranger to insuring its projects against the risks of physical and natural disasters. Policies purchased to cover these risks, however, often are not broad enough to reach cyber threats, which can be just as damaging and costly as a physical disaster. During the past decade, hacks have targeted the data held by several high profile companies, including Target Corp., Sony Corp., Equifax Inc. and Yahoo Inc. So far, the construction industry has not yet been at the center of one of these attacks. Still, builders are no less susceptible to these risks than any other industry, especially given that these companies often possess sensitive data related to buildings and projects.
More and more businesses are beginning to transfer and store information electronically, and the construction industry is no exception. Builders increasingly use electronic means to exchange data and survey projects, including through an open and connected network between those in charge of a project and their various subcontractors and business partners. “The more you use electronic platforms, the more vulnerable you’re going to be to hackers who access data improperly or cause harm to a construction project.” Hunton Andrews Kurth LLP partner Walter Andrews stated in an interview with Law 360 on cyber risks. “What makes construction unique from other industries is developers have so many partners they need to share information with and have access to the same data platforms,” Andrews said. “They have access to your data and you have access to their data, and more importantly, a cyber thief can access your system through theirs and vice versa. That’s what starts to make it unique and create problems.”
Rather than wait for and risk sustaining a significant uncovered loss due to a cyberattack, policyholders in the construction industry should look towards specialized cyber insurance that fills any gaps left by more traditional policies. Undertaking the task of mapping cyber risks and determining what protections are in place to combat cyber threats is likely to help companies obtain the best coverage for themselves and achieve lower premiums. While companies may fear the cost and time such a review would take, the investment on the front end could save companies significantly in the long run.