Construction businesses are essential to our society, providing the infrastructure and buildings that shape our world. However, these businesses are also a prime target for cyber-facilitated fraud, according to a recent warning from the government. A government study has found that construction businesses are often behind in online protection and the adoption of digital services and consequently suffer higher fraud rates.
According to a recent government study, construction businesses are often the most behind when it comes to online protection, meaning their businesses are most likely to be targeted victims of fraud. In particular, construction websites are usually not protected by SSL or even up to date, having been built years ago and forgotten about. This lack of cybersecurity infrastructure puts construction businesses at a higher risk of cyber-attacks.
The Department for Digital, Culture, Media and Sport's (DCMS) most recent survey found that 39% of businesses in the UK had identified a cyber-attack in the previous 12 months. However, less cyber-aware organisations are likely to be under-reporting or missing the evidence of an attack. The most common threat was phishing attempts, mentioned by 83% of the respondents. Just over one in five (21%) identified a more sophisticated attack, such as denial of service, malware or ransomware attack, which can result in company systems or key files being locked.
Compared with other sectors, construction's relatively late surge into technology adoption puts the sector under greater threat, with lower historic investment in security infrastructure and a workforce that needs upskilling in using tools effectively and safely. Construction is also vulnerable because of the way it works. Projects are delivered using a broad network of businesses and a workforce spread across multiple locations. With the sector becoming more data-rich and organisations attempting to improve the understanding of our built assets, particularly in a post-Grenfell and the net zero-focused world, the possible points of failure increase.
Construction businesses are most likely to be targeted victims.
However, businesses can protect themselves from cyber threats. Effective cybersecurity protects companies' information, networks and devices against unauthorised access. Key areas for consideration include network security, data protection, ongoing security, device-level security, secure supply chain and user management. To ensure construction businesses are as protected as possible from cyber threats, it is critical that their defences include all of these cybersecurity elements.
With breaches becoming more common, delaying is not an option. It is vital that construction businesses prioritise cybersecurity and implement measures to protect their systems, data and assets. This may require investment in new technology, training and awareness programmes, and regular testing and monitoring of their systems. By taking these steps, construction businesses can protect themselves against cyber-attacks and ensure long-term success in the digital age.