Reports of a new cyber risk or attack are never far from the headlines. This evolving threat is omnipresent for UK businesses. It ranked highest in the UK in Allianz’s 2018 Risk Barometer and was reported as a key risk by over 60% of participants. In the same survey, 54% of respondents identified cyber as the most underestimated risk.
These are not empty fears. In 2016, the Home Office’s Commercial Victimisation Survey (circa 1,000 respondents) showed that online crimes affected 15% of construction businesses. It was reported that 71% of cases arose from computer viruses and 10% from malicious hacking.
An Increasing Threat
Since the 2016 survey, we have seen a significant increase in Ransomware attacks. The estimated global cost in 2016 was USD 1 billion; this increased to USD 4 billion in 2017. The WannaCry and NotPetya attacks in May and June 2017 show that malware has the potential to cause and spread issues across the globe.
The regulatory landscape is changing too. With effect from 25 May 2018, the EU General Data Protection Regulations (GDPR) will apply to UK businesses. This will impact all data controllers and processors that reside within the EU, with identical provisions applying in the UK. Importantly, its territorial scope is wider than the EU. GDPR applies to the processing of personal data of data subjects who reside within the EU by both controllers and processors where they offer goods or services to people in the EU or monitor their behaviour.
While it may feel that this is a problem that predominantly affects the US, this is more likely a result of the stricter reporting and notification requirements in that jurisdiction.
It is also worth mentioning that data need not be exclusively electronic and the regulations are equally applicable to traditional hard copy records. This important regulatory change is dealt with in more detail within this paper.
Considering The Issues
Within this report, we highlight some of the risks faced by the construction industry and the opportunities for transferring risk to the insurance market. We recognise that this risk has many different aspects for businesses. For example, facilities management (FM) contractors have considerable exposures in relation to their interface with networked building management systems (BMS), the Internet of Things (IoT) and, in the case of certain soft FM activities, the handling of personal data.
We conclude our paper with an overview of the coverage available under a cyber-policy in comparison to more traditional insurance coverage. As with any insurance product purchase, relying on an off-the-shelf insurance product without fully considering your unique risk characteristics is a dangerous strategy; standard policies may not include the coverage required for your business.
Download our white paper, Cyber Risks for Construction and Facilities Management Contractors.
It contains essential information for planning your cyber strategy, plus considerations for designing the wide-ranging insurance needed to cover all risk areas.
For further information, please contact Mike Johnson, Contractor Group Leader on +44 (0)20 7528 4759 or email firstname.lastname@example.org