The Bonadio Group 2024 Annual Report is Now Available!  Download

Close this search box.

Cyber Attacks – The New Silent Killer of Construction & Contractor Businesses

August 16th, 2019

If at any point during the workday you connect to the internet, you and your company are at risk of a cyberattack that could destroy your business.
In a survey by the Ponemon Institute, it was discovered that 55 percent of small businesses, including contractors, have experienced some sort of recent breach. This number is only set to increase in the years to come.

What Does This Mean for Organizations Within the Construction and Contracting World?

Many people are still under the assumption that the construction industry is not at risk for a cyberattack because cyber criminals are only looking for personal information, such as credit card data, which construction companies do not usually keep on record. However, this is no longer the case.

In regard to the construction industry, hackers can bring projects crashing to a halt by infiltrating computer networks that hold information that is critical to the company’s operations. Some examples of the types of information that are attractive to cyber attackers include:

  • Blueprints and project plans
  • Trade secrets
  • Employee information including benefits packages
  • Financials and payroll
  • Vendor and third-party data

In today’s world, it doesn’t matter how valuable a company’s information is for cyber criminals who are selling it on the black market. Now, it only matters how valuable that information is to the company itself.

What Happens When You Realize You Have Been Attacked By A Cyber Hacker?

Imagine, you turn on your computer to pull up project details and it turns out your network has been shut down by a cyber-criminal. They are now holding your data for a ransom that you cannot and do not want to pay. What happens next? There are a couple of options:

  • OPTION 1: You pay the ransom. There is no guarantee that this will unlock your information. Additionally, it does not reverse the impact of stolen information. You may have your own data back, but you still have to notify everyone who could have been affected by the attack (in 46 states, it is against the law not to notify those potentially affected).
  • OPTION 2: You contact a computer information systems technology expert to unlock or regain your data. Sure, this may work to recover your information. However, it is VERY costly. It may be even more expensive than paying the ransom.

Rob Coppola, a Senior Account Executive & Manager at Lawley Construction Insurance, says “In 2017, we had a client get hacked. A local construction company based in Buffalo, NY, found out that they were shut down by a cyber-criminal when suddenly all of the information on their computers was being held at ransom for $15,000. This situation literally stopped all of their ongoing projects and halted the entire company. Because they did not want to pay the ransom, they ended up having to hire an outside IT specialist. Having the specialist come in was even more expensive than the ransom. They got their information back but suffered a loss of time and revenue because of the attack. Plus, they had to make all affected parties aware of the attack.”

How Can You Defend Your Company from a Cyberattack?

There’s no way to completely prevent your network from being compromised. However, there are certain steps you can implement to help amp up your defense.

  • Keep all of your own technology updated and check out your third-party vendor’s software as well. From anti-virus programs to computer servers, all technology and software related to your network should be reviewed annually. This ensures your protections are up to date and doing their job to keep your data safe.
    • In 2013, Target was the victim of a cyberattack. Later, it was discovered that Target’s breach could have been prevented if their HVAC contractor had not let their anti-virus software expire.
  • Educate your employees. Most hackers are able to get into your network because of employee/human error. A prime example is employees clicking a link in an email that turns out to be a “phishing scam.” Emails phishing for information are difficult to spot, so it’s important to train and educate anyone working for your company, or emailing from your network, on how to spot malicious phishing schemes.
  • Protect your company with cybersecurity insurance. Because cyber criminals are relentless and are constantly searching for a weak spot in your defense against them, one of the best defense options is to purchase cybersecurity insurance. This type of coverage can help you recover from an attack in many ways, particularly in regard to your finances and reputation.
    • At Lawley, we have a team of insurance professionals who know how cybersecurity insurance can affect the construction industry. By putting coverage in place, you can protect your data, projects, and reputation.

Don’t let your company collapse because of a cyberattack. Put a proactive plan in place to keep you and your assets protected. If you need help, give the team at Lawley a call – our construction and cybersecurity professionals know your business inside and out, so we can protect you from every attack. We have been able to help clients bolster their defenses and guide them through what needs to happen after a cyberattack has occurred.

This article was contributed by Lawley Insurance. To learn more, visit or call 1.844.4LAWLEY.

This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.

Share on LinkedIn
Share on Facebook
Share on X

Related Industries

Related Services


Related Articles

Nancy Cox June 21
Nancy Cox
Industry Leader, Construction & Real Estate