Why is cybersecurity risk growing in the construction industry?

July 8, 2019

By Laura Dugan ’03

 construction manager on laptop at construction site signifies how cybersecurity can affect construction

Many industries address cyber risk as part of their day-to-day function – retail, finance, health care, and government to name a few. One industry that is relatively new to addressing cybersecurity is construction, but as business becomes progressively more digital, the industry is taking steps to address cyber risks alongside physical ones.

An article published in Construction Executive (CE)states that there is a large amount of proprietary data within the construction industry, whether employee information or bid, design, and materials data. Breaches of this data can lead to negative effects.

“Attacks, such as a denial of service (DOS), can cripple a company from processing data. The company may not be able to pay vendors. Third-party and vendor information could be at risk, further spreading the cyber-attack. Employees are affected if the company is unable to process payroll and employees fall behind on their own bills,” says Greg Davis, in the CE article “Cybersecurity and the Construction Industry.”

The nature of the construction industry, often involving a changing rotation of employees depending on project status as well as multiple contractors, can make it difficult to stay on top of potential security threats.

Michael Erdman, writing for the MyIT Blog, states that there are three primary cybersecurity risks in construction:

  • A mobile workforce:The vast majority of construction employees are not working in an office building, but are on site. This complicates securing devices when employees are not in one location or on one network. 

“You need to require all users to enter a password to access these devices, and you should be able to remove access to any company data or have the ability to wipe all company data off the device remotely,” says Erdman.

  • File sharing across multiple contractors:Construction is a team-based business. Contractors are assigned to various portions of the work, but all need access to key information. 

“Dozens of companies [require access] to complete a project. Confidential data (bids, blueprints, financials, employee records) must remain secure, yet accessible,” Erdman continues.

  • Disparate workforce:Construction workers have varying levels of education and understanding of technology. Additionally, turnover in the construction field is often high. 

“Unlike most corporate offices, you cannot classify every employee at a construction company as an office or field worker... the constant change in staff makes it difficult to consistently train everyone,” Erdman concludes. 

Read the full article on the 3 Biggest Construction Cybersecurity Risks.

While cybersecurity risks within the construction industry may be growing, they can be remediated. Implementing training and prevention techniques with all staff – including those working for contractors or subcontractors – is vital, as is addressing any issues as soon as they happen. Ultimately, it’s important to recognize and understand that cyber risks exist within the construction industry, and that preventive methods can be put into place.

To learn more about Capitol’s degree programs in Construction Management and Critical Infrastructure, contact admissions@captechu.edu

Categories: Cybersecurity