b'Why Cybersecurity Matters for Constructioninaccessible until the ransom is paid. This type of cyberattack may cause a construction company to miss a bid on a large project or experience disruption of ongoing operations, causing Jason Kosek is a shareholder with New York City-based law firmdelays to the critical path on ongoing projects, and potentially Anderson Kill. Opinions are the authors own.long-term brand damage. Cybercriminals are increasingly targeting construction firms,How builders can protect themselves drawn by large financial assets and tight project timelines,Construction companies should be proactive to avoid becoming rendering both large and small projects vulnerable. Notablevictims of a cyberattack. Steps vital to cyber hygiene include: attackssuch as the ransomware attacks on Bouygues Construction in France, where 200 gigabytes of data were locked in Jan. 2020, according to Le Monde Informatique, and1.Develop a team within your company with digital and against Canadas Bird Construction the prior month, per CBCmanagerial skills. News, where 60 gigabytes were frozenhighlight the need for2.Learn the language of the digital world with its risks and robust cyber insurance. rewards. 3.Focus on maintaining a robust and vigilant cyber policy for The 2021 Infrastructure Investment and Jobs Act has spurredall employees. more projects, amplifying cyber risks as firms digitize, which4.Provide training, and regular refresh training, with updated creates new attack vectors. Sophisticated tactics like phishing issues and techniques. through email, voice and SMS messagesexploit weak5.Consult experts in the field, from IT, brokers and response passwords, a lack of multifactor authentication and careless datacounsel. sharing. 6.Know what you will do, who to call and how to mobilize for an event. Construction companies must prioritize cyber hygiene to7.Review and reinforce contractual relationships to ensure safeguard data and projects, as well as cyber insurance to protectadequate safeguards for all participants, remembering that themselves in case an attack breaks through their defenses.the weakest link exists. 8.Meet in person with contractors, specialty contractors, Why construction is attractive, and vulnerablevendors, suppliers and communication platforms to ensure Several factors make the construction industry at risk forthat everyone addresses risk. cyberattacks. One is the recent digitization of the constructionAdd cyber risk to the on-site safety meeting agenda and stay industry.current on developments in this area. In recent years, the construction industry has undergone a technological boom, with innovations of technology that includePurchase cyber insurance Building Information Modeling, or BIM, and cloud-based projectSince even the most carefully designed and executed cyber management platforms. The amount of sensitive data that thedefenses may be breached, its also essential to purchase construction industry maintains in cloud-based software andeffective insurance protection, either via a stand-alone project management platformssuch as banking information,cyber insurance policy or a cyber endorsement to an bid information, personal employee information and proprietaryexisting policy. Certain policies may include downstream designsincreases year after year.contractual penalty coverage, which is advertised to cover As the construction industry embraces modernization and digitalloss as a result of contractual penalties due to construction transformation, it also inherits the evolving cybersecurity threatsand/or production delays resulting from a cyber security that come with it. breach or system failure.General contractors increasingly require subcontractors to upload payment requisitions, including sub-subcontractors financial details, bank accounts and wire instructions to online softwareConstruction companies should also look for insurance platforms vulnerable to cyberattacks. Subcontractors face liabilitypolicies that provide crisis management services.As cyber if a hack compromises this data, causing damage. Time-sensitiveinsurance for construction companies has only recently decisions, critical for cost and schedule management, oftenbeen introduced, it is important to review policies carefully prioritize speed over securitya shortsighted approach that risksto ensure that they match a companys most salient risks. significant project delays and losses.Cyberattacks in the construction industry are becoming the Consequences of a cyber attack or data breachrule, rather than the exception. If they have not already Cyberattacks can have a devastating impact on constructiondone so, construction companies should take basic companies. Generally, if a construction company suffers a dataimmediate steps to reduce cyber risks and frequently review breach, depending on state-specific notification requirements, ittheir cyber practices and training to stay abreast of new may have to alert the affected individuals and the state attorneytypes of attack. They should also seek the advice of their general. The consequence of such a breach, apart from the obviousattorneys to assess whether their contracts and insurance direct monetary loss, can include civil penalties and consumercoverage provide adequate protection. restitution. The fallout will also delay any construction projects and may cause irreparable reputational harm within the industry.Sen McCabe, an attorney in Anderson Kills New York office, contributed to this op-ed. A ransomware attack can effectively halt a construction companys operations.Ransomware attackers encrypt aBy:Jason Kosek companys critical data, such as digital project management systems, design files or other critical software, and render them5'