A bespoke cyber security solution

19 February 2019

How to protect construction supply chains from cyber breaches. Thinking ahead article from Jack Lyons Head of Broking for Cyber (UK) at JLT Specialty.

The main cyber security issue facing the construction supply chain is the increased reliance on technology and, in particular, the wider use of building information modelling (BIM) – a collaborative way of working, underpinned by digital technologies that enable more efficient methods of designing, creating and maintaining built assets.

However, we don’t see any evidence of construction supply chain firms being targeted specifically – they are more likely to fall victim to large-scale cyber attacks where criminals or hacktivists target multiple companies to see which are easiest to penetrate.

The risk factors affecting these firms are consistent across all parts of the world. 

Protecting data and software

Generally, the main focus is on protecting data and systems because of the issues that these organisations would face if their data or software were compromised, in terms of being able to keep track of projects and completing tenders and jobs on time.

Notably, project owners are increasingly requesting that the general contractor overseeing the project conduct an audit of their internal cyber security standards. 

However, as supply chains become more connected, with the provision and utilisation of increasingly advanced information sharing systems, should general contractors consider replicating similar audit measures with project subcontractors? 

To this end, when considering consortia, it is imperative that stakeholders assess where weaknesses in one member’s cyber systems may result in breach and access to the sensitive information of all consortium members.

Sign up to our latest News & Insights

Employee error and training

Ultimately, there is a strong dimension to the cyber security challenge which can never be overlooked: human error and the actions of rogue employees. 

Training staff to be cyber-security aware is an important step in minimising these exposures.

Consequently, firms need to be able to respond quickly to evolving threats and realise that a reactive approach – minimising what attackers can do if they get into a company’s systems – can still be effective.

Talk to an expert

For more information, contact Jack Lyons, Head of Broking for Cyber (UK) on +44 20 7528 4114