Sponsored Content: Allied World

The Case for Cyber Coverage in the Construction Industry

Construction companies are not exempt from the dangers of cyber crime.
By: | June 6, 2018 • 5 min read

Construction may be one of the few industries today that is not data production driven. Most construction firms don’t have large IT departments and the majority have little expertise in managing information security. However, access to clients’ confidential information and an increased dependence on technology have exposed construction companies to a host of new threats, making the need for cybersecurity a critical risk management consideration.

It is projected that cyber crime will cost businesses approximately $6 trillion per year on average through 2021. There’s a belief among construction companies that they aren’t a target, which only makes the industry easier prey for attackers. And it’s not just large companies that are susceptible. In 2016, nearly half of cyber hacks targeted small businesses. A recent Forrester survey revealed that more than 75 percent of respondents in the construction, engineering and infrastructure industries had experienced a cyber-incident within the last 12 months.

Jason Glasgow, Vice President, Cyber Lead

A recent Forrester survey revealed that more than 75% of respondents in the construction, engineering & infrastructure industries had experienced a cyber-incident within the last 12 months.

Like all businesses, construction companies must adopt a robust cyber security risk management strategy and take the time to understand the exposures including:

  • Access to client’s confidential information – Although your company may not store the type of personal information hackers find desirable (e.g., credit cards or financial records), you may still have access to your clients’ confidential information. Compromised intellectual property such as building specifications and architectural drawings can provide a roadmap for criminals to gain access to valuable personally identifiable information (PII), including financial accounts and employee data. Just like any other company, if you have access to this type of confidential information, you’re vulnerable to phishing, ransomware, and other common forms of cyber attack.
  • Business interruption exposure – As in any industry, cyber attacks can result in costly business interruptions for construction companies. A delay in construction projects can be quite costly. This potential disruption must be built into a risk management plan. If a breach occurs, construction companies should have a contingency plan in place to make sure projects are not delayed and if so, they are back up and running as soon as possible.
  • Mobile dependency – The construction industry poses a unique cyber security challenge in that it is highly decentralized. There are many stakeholders involved in construction projects that are highly dependent on mobile devices and laptops, offering multiple access points to networks and creating vulnerability if they are not all adequately trained on cyber security. Adding another layer of exposure, valuable technology such as laptops are often stored on jobsites in unsecured trailers, making this information an easy target for thieves.
  • Increased reliance on technology – In addition to a reliance on mobile devices such as smart phones and laptops, the construction industry is increasingly adopting new technologies to improve safety and efficiency. Wearables and drones provide real-time monitoring and data collection, while virtual reality can create simulations of building designs. These technologies open a world of safety, training and efficiency opportunities, but also give malicious actors potential access to valuable information.
  • Third party liability – As third-party vendors to clients, who also use third party suppliers and subcontractors themselves, construction companies are exposed to stakeholder breach liability risk on all sides. Perhaps the most well-known example of this exposure came in the 2013 cyber attack on a large, national retailer, in which a small HVAC contractor providing services suffered a data breach. The hackers gained access to the network credentials that the contractor used to remotely access the retailer’s network, resulting in a breach of credit and debit card information for tens of millions of customers in the U.S. This HVAC contractor could have been held liable for the damages customers sustained.
  • Claims findings – Claims arising out of breaches are as a result of various types of attacks including ransomware, phishing and social engineering where criminals send emails purporting to be employees or trusted business partners in order to get confidential information or steal money. These attacks can be from criminals with a pure profit motive, competitors attempting to steal information, or criminals seeking to create chaos for other reasons.

The bottom line?

Construction companies are not exempt from the dangers of cyber crime. Our increased dependency on technology exposes all stakeholders to increased risk. Companies can mitigate this risk by developing mobile device security and cyber breach plans, and by providing adequate training for all employees on cyber security measures and responsibilities.

Recognizing that construction companies tend to be more focused on completing projects on time and within budget, some cyber policies offer proactive, value-added risk management support. This added level of support can serve as a tremendous resource, especially for companies that lack expertise in information security. Working with an insurance agent who has proven expertise in cyber security and familiarity with the unique risks posed to this industry is the best way for construction companies to ensure that they are adequately covered.

For more information, visit https://www.alliedworldinsurance.com/usa-professional-liability-cyber-liability.

This information is provided as a general overview for agents and brokers. Coverage will be underwritten by an insurance subsidiary of Allied World Assurance Company Holdings, GmbH, a Fairfax company (“Allied World”). Such subsidiaries currently carry an A.M. Best rating of “A” (Excellent), a Moody’s rating of “A3” (Good) and a Standard & Poor’s rating of “A-” (Strong), as applicable. Coverage is offered only through licensed agents and brokers. Actual coverage may vary and is subject to policy language as issued. Coverage may not be available in all jurisdictions. FrameWRXSM services are provided by third-party vendors via a platform maintained in Farmington, CT by Allied World Insurance Company, a member company of Allied World. © 2018 Allied World Assurance Company Holdings, GmbH. All rights reserved.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Allied World. The editorial staff of Risk & Insurance had no role in its preparation.




Allied World is a global provider of innovative property, casualty and specialty insurance and reinsurance solutions.

2018 Risk All Stars

Stop Mitigating Risk. Start Conquering It Like These 2018 Risk All Stars

The concept of risk mastery and ownership, as displayed by the 2018 Risk All Stars, includes not simply seeking to control outcomes but taking full responsibility for them.
By: | September 14, 2018 • 3 min read

People talk a lot about how risk managers can get a seat at the table. The discussion implies that the risk manager is an outsider, striving to get the ear or the attention of an insider, the CEO or CFO.

Advertisement




But there are risk managers who go about things in a different way. And the 2018 Risk All Stars are prime examples of that.

These risk managers put in gear their passion, creativity and perseverance to become masters of a situation, pushing aside any notion that they are anything other than key players.

Goodyear’s Craig Melnick had only been with the global tire maker a few months when Hurricane Harvey dumped a record amount of rainfall on Houston.

Brilliant communication between Melnick and his new teammates gave him timely and valuable updates on the condition of manufacturing locations. Melnick remained in Akron, mastering the situation by moving inventory out of the storm’s path and making sure remediation crews were lined up ahead of time to give Goodyear its best leg up once the storm passed and the flood waters receded.

Goodyear’s resiliency in the face of the storm gave it credibility when it went to the insurance markets later that year for renewals. And here is where we hear a key phrase, produced by Kevin Garvey, one of Goodyear’s brokers at Aon.

“The markets always appreciate a risk manager who demonstrates ownership,” Garvey said, in what may be something of an understatement.

These risk managers put in gear their passion, creativity and perseverance to become masters of a situation, pushing aside any notion that they are anything other than key players.

Dianne Howard, a 2018 Risk All Star and the director of benefits and risk management for the Palm Beach County School District, achieved ownership of $50 million in property storm exposures for the district.

With FEMA saying it wouldn’t pay again for district storm losses it had already paid for, Howard went to the London markets and was successful in getting coverage. She also hammered out a deal in London that would partially reimburse the district if it suffered a mass shooting and needed to demolish a building, like what happened at Sandy Hook in Connecticut.

2018 Risk All Star Jim Cunningham was well-versed enough to know what traditional risk management theories would say when hospitality workers were suffering too many kitchen cuts. “Put a cut-prevention plan in place,” is the traditional wisdom.

But Cunningham, the vice president of risk management for the gaming company Pinnacle Entertainment, wasn’t satisfied with what looked to him like a Band-Aid approach.

Advertisement




Instead, he used predictive analytics, depending on his own team to assemble company-specific data, to determine which safety measures should be used company wide. The result? Claims frequency at the company dropped 60 percent in the first year of his program.

Alumine Bellone, a 2018 Risk All Star and the vice president of risk management for Ardent Health Services, faced an overwhelming task: Create a uniform risk management program when her hospital group grew from 14 hospitals in three states to 31 hospitals in seven.

Bellone owned the situation by visiting each facility right before the acquisition and again right after, to make sure each caregiving population was ready to integrate into a standardized risk management system.

After consolidating insurance policies, Bellone achieved $893,000 in synergies.

In each of these cases, and in more on the following pages, we see examples of risk managers who weren’t just knocking on the door; they were owning the room. &

____________________

Risk All Stars stand out from their peers by overcoming challenges through exceptional problem solving, creativity, clarity of vision and passion.

See the complete list of 2018 Risk All Stars.

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]