Skip to main content

Constructing a more secure digital future

Recent figures show that construction firms are less likely than others to put cyber security at the top of their agendas. Paul Lowe explains why and…

Recent figures show that construction firms are less likely than others to put cyber security at the top of their agendas. Paul Lowe explains why and suggests what can be done.

The construction industry does not prioritise cyber security highly enough – and the sector must educate itself in this vital area as the speed and extent of digitalisation accelerates.

A government cyber security survey shows that 56 per cent of construction businesses believe online services are not a core part of their business offering. The same study reveals that only 43 per cent of construction businesses have sought information or advice on cyber threats in the last 12 months, compared to 58 per cent of companies generally.

This is despite the fact that the construction sector is increasingly susceptible to data security issues due to its reliance on digitised information from the design stage through to the construction of major projects.

A lot of this information is commercially sensitive and has a substantial value to the people directly involved in the project as well as those in the procurement chain. This is only likely to increase in the near future.

One of the major trends in the construction world in the last five years, particularly in design, is the introduction of building information modelling (BIM) – a way of digitally coordinating design data.

Take, for example, building an apartment block. This process will need to incorporate numerous services, such as electrical, water and gas and at the same time coordinate with the structural design elements of the building. BIM enables digitised information and drawings to be brought together into one model, often 3D computer generated. As a result, BIM is increasingly key to the construction industry because of the versatility it allows in the design process.

However, as BIM becomes more important, threats to the security of digital data become greater. You only have to look at recent cyber-attacks to see how cyber criminals have taken advantage of the commercial value bound up in these digitised models. To make matters worse, hackers are becoming increasingly sophisticated.

The integrated nature of BIM creates other threats. If designers and contractors are joining together a range of different designs and information from consultants who have different data, and this information is being pooled, there is the potential risk for hackers attacking one designer to affect the broader project.

There is a risk then of a domino effect, with very costly delays to projects. In the construction world projects are built to tight time programmes often based on the need for investors to realise their investments in an achievable timescale. This return can be disrupted as a result of interference in the design and construction process, representing a significant financial risk to everyone in the procurement chain.

What then should the industry be doing? Certainly, contractors and consultants can tighten up their approach to information security. There are international standards on information security that can be followed in order to control the way information is handled, transferred, processed, and stored. This results in a higher level of awareness of the value of the data you hold, as well as the need to maintain and protect it.

Developers generally call the shots in the construction world, primarily because they control the supply of money and could and arguably should take a leadership role in recognising the value of the data involved in their projects. As a result, they could require data security standards to be met by all parties involved.

Finally, the insurance world offers sophisticated cover for cyber security and cyber breaches, but also has the knowledge and expertise to give guidance and best practice advice on the most suitable courses of action on risk awareness and risk avoidance.

Share on Twitter