b"THE OFFICIAL NFBA MAGAZINEcontinued from page: 9Critical infrastructure:Many construction firmsas recognizing phishing attempts, using strong work on critical infrastructure projects, such aspasswords, and safeguarding sensitive data. A well-bridges, highways, and power plants. Cyberattackstrained workforce is the first line of defense against on such projects can have widespread consequences,cyber threats.making them attractive targets for nation-state actors,Regular Security Audits:Regular security audits can terrorists or politically motivated hackers. help identify company system vulnerabilities before Cyberattacks Big Impact attackers can exploit them. Audits should include A successful cyberattack on a construction companyboth internal systems and those of key vendors and can have far-reaching consequences: subcontractors.Project Delays:Cyberattacks can disrupt projectMulti-Factor Authentication (MFA):Implementing BUSINESS MANAGEMENTmanagement systems, delay timelines, and haltMFA for all employees and contractors can significantly construction progress. The impact can be devastatingreduce the risk of unauthorized access to company in an industry where delays can lead to significantsystems.financial penalties. Data Encryption:Sensitive data should be encrypted at Missed Bid:For a contractor, a missed bid is a missedrest and in transit to ensure that even if attackers gain opportunity. A cyber attack can hinder a contractor'saccess to the data, they cannot easily read or use it.ability to submit a bid by causing system outages, dataIncident Response Planning: Construction companies loss, and reputational damage, all of which disruptshould develop and regularly update their incident their preparation and ability to meet submissionresponse plans. These plans should outline how the deadlines. Critical documents and pricing informationcompany will respond to various cyber incidents, may become inaccessible, and the contractor mayincluding ransomware attacks, data breaches, and struggle to gather necessary compliance materials,insider threats.making it impossible to submit a valid bid on time. Cyber insurance:This form of insurance helps Financial Losses:Beyond the immediate costs ofbusinesses protect themselves against risks related ransomware payments or data recovery efforts,to cybercrime and data breaches. It can cover costs construction firms may also face lost revenue,associated with a data breach, such as notification legal fees, and regulatory fines. Clients may sue forexpenses, data recovery costs, damages, legal fees, and breaches of contract if a project is delayed due to aother expenses related to managing a security breach. cyberattack. Additionally, it can often provide assistance in the event Reputational Damage:In a competitive industry,of cyber-attacks, such as ransomware or phishing attacks.reputation is everything, and a tarnished reputationCyber insurance can be tailored to businesses' individual can be difficult to recover from. A data breach orneeds.AXA XL, for example, recently announced a other cyber incident can erode trust with clients andspecial endorsement for its cyber policy, specifically partners, leading to a loss of future business. designed for construction firms.The endorsement Compliance Issues:As governments tightenextends coverage to cyber risks specific to contractors; cybersecurity regulations, construction companiesfor instance, there isMissed Bid coverage, which would may face fines or other penalties if they fail toreimburse a construction firm for income loss due to comply with data protection laws. For instance, ifbeing unable to submit a bid because of a cyber security a construction firm handles personal data, it mustbreach or system failure.adhere to regulations such as the General DataAs the construction industry continues to digitize, Protection Regulation (GDPR) in Europe or thethe importance of cybersecurity cannot be overstated. California Consumer Privacy Act (CCPA) in theWhile technology offers tremendous benefits, it also United States. introduces new risks that must be carefully managed. By Building a Cybersecurity Strategy understanding the industry's specific cyber threats and Construction companies should develop ataking proactive steps to mitigate them, including buying comprehensive cybersecurity strategy to mitigate thetailored cyber insurance available today, construction risks posed by cyberattacks. Key steps include: companies can protect their assets, reputation, and bottom line in the face of an increasingly hostile cyber Employee Training:It is essential to educatelandscape.employees on cybersecurity best practices, such 10 / FRAME BUILDER - VOL6 5"