Skip to content
  • Home
  • Services
    • Audit & Attest
      • Financial Statement Audits
      • Employee Benefit Plans
      • Attestation Engagements
      • Compilations & Review
      • SOC
      • Agreed-Upon Procedures
    • Advisory
      • Transaction Advisory Services
      • Cybersecurity, Technology Risk, Privacy
      • High Net Worth Services
      • Forensic Services
      • Litigation Services
      • Management Consulting
      • Technology Services
      • Valuation Services
    • Business & Tax
      • Corporate Income Tax
      • Individual Income Tax
      • International Tax
      • State and Local Tax Compliance and Tax Minimization Services
      • Tax Planning
    • T&C Family Office Group
  • Industries
    • Car Wash
    • Construction & Real Estate
    • Government
    • Healthcare
    • Manufacturing & Distribution
    • Nonprofit Organizations
    • Privately-held Companies
    • Professional Services
    • Technology
  • Firm
    • Overview
    • Our People
    • Our Community
    • Templeton Group
      • PracticePro 365
      • T&C Family Office Group
      • Templeton Investigative Services
  • Careers
    • Experienced
    • Students
    • Benefits
  • Pay My Bill
Menu
  • Home
  • Services
    • Audit & Attest
      • Financial Statement Audits
      • Employee Benefit Plans
      • Attestation Engagements
      • Compilations & Review
      • SOC
      • Agreed-Upon Procedures
    • Advisory
      • Transaction Advisory Services
      • Cybersecurity, Technology Risk, Privacy
      • High Net Worth Services
      • Forensic Services
      • Litigation Services
      • Management Consulting
      • Technology Services
      • Valuation Services
    • Business & Tax
      • Corporate Income Tax
      • Individual Income Tax
      • International Tax
      • State and Local Tax Compliance and Tax Minimization Services
      • Tax Planning
    • T&C Family Office Group
  • Industries
    • Car Wash
    • Construction & Real Estate
    • Government
    • Healthcare
    • Manufacturing & Distribution
    • Nonprofit Organizations
    • Privately-held Companies
    • Professional Services
    • Technology
  • Firm
    • Overview
    • Our People
    • Our Community
    • Templeton Group
      • PracticePro 365
      • T&C Family Office Group
      • Templeton Investigative Services
  • Careers
    • Experienced
    • Students
    • Benefits
  • Pay My Bill
CONTACT US

Cybersecurity: A Business Threat for Contractors

  • Blog, Real Estate & Construction

Home » Cybersecurity: A Business Threat for Contractors

By Christopher Mellen and Ian Shapiro

Recent strides in the construction industry to automate processes—such as accounting, project management and Building Information Modeling (BIM) software—introduces a corresponding set of new cyber risks. Contractors are vulnerable to the same cyber threats that impact any industry—including phishing scams, ransomware attacks and distributed denial of service, to name a few. While larger construction firms have taken measures to increase cybersecurity, many small to mid-sized companies aren’t fully aware of what threats they could face, or how to start hedging against them.

Compared to the financial services and healthcare industries, construction companies may not seem like a prime target for hackers, but documented cyber attacks have proven otherwise. Nine construction companies reported experiencing cyber attacks in 2015, an increase from just three incidents the prior year, according to the 2016 Verizon Data Breach Investigations Report.

In addition to proprietary employee data, other potentially vulnerable information includes sensitive client data, tenant personally identifiable information (PII) and non-public material information. Construction firms also house computer-aided design (CAD) drawings and blueprints to sensitive buildings, which hackers can exploit to inflict physical damage. From a national security perspective, firms involved in the construction of sensitive government facilities, critical infrastructure or even facilities for emergency management, public health or medical providers, could also be vulnerable to a cyberattack that might jeopardize those services.

Cybersecurity vulnerabilities in the construction industry are compounded by the growth of cloud computing and the Internet of Things (IoT). For example, as contractors move management and accounting software to the cloud, employees can access those systems on their personal devices. A breach occurring at the personal level, without the proper cybersecurity, could have severe implications for the larger cloud-based ecosystem. The same principle applies for the growing demand for smart devices, such as heating and cooling systems. With increased connectivity, the security and/or vulnerability of each individual device factors into the whole system’s integrity.

Cyber under-investment and negligence can cause real financial harm to construction companies. Here are the two key ways lax cybersecurity could turn into a business problem before a breach takes place.

  1. The Company Can’t Survive An Initial Cyber Vetting.

New York’s Department of Financial Services (NYDFS) recently issued the “first-in-the-nation” cybersecurity regulation. Under this guidance, financial institutions are required to implement written third-party cyber risk policies and confirm strong due diligence practices are used to evaluate the adequacy of third parties’ cyber practices. Contractors are increasingly asked to demonstrate sound cybersecurity practices, whether under a law such as the NYDFS cybersecurity regulations or as an emerging best practice. In addition, the standardization of third-party cyber risk assessments makes it easier than ever for companies to vet third-party vendors and contractors. Construction companies that either lack these internal controls or are unable to effectively communicate them may be unable to survive many request for proposal (RFP) processes—or may even be ineligible to participate or prequalify for a project owner.

  1. Your Competitors Offer More Security.

All other things being equal and given the financial and reputational fallout from a cyber incident, clients will opt to entrust their data to contractors with strong, documented cybersecurity practices. To protect their own reputations, decision makers within the client’s enterprise are likely to place a high priority on this issue, making cybersecurity an important differentiator in the marketplace.

Companies of all sizes are at risk. In 2015, 43 percent of cyberattacks were against small businesses with less than 250 employees, according to data from Symantec. The reputational and fiscal damage resulting from a cyberattack is far more impactful for small businesses. In fact, a Cyber Security Alliance study found that 60 percent of small businesses that experience a substantial cyberattack are permanently put out of business within a six-month period. Cybercriminals may specifically target mid-sized and smaller construction companies, which may not have prioritized cybersecurity like their larger counterparts. Further, it may pose a risk to large general contractors who rely heavily on smaller subcontractors, who may not have properly assessed their cybersecurity.

As the construction industry ventures into the technological realm, companies can’t afford to ignore cybersecurity. The first step to strengthening cybersecurity is conducting a risk assessment to understand a company’s vulnerabilities and business risks. Once contractors have a baseline understanding of their cybersecurity needs, they can shore up their policies. Being able to demonstrate a commitment to strong cybersecurity practices is becoming a key issue for today’s contractors, even if they’ve never experienced a data breach.

This article originally appeared in BDO USA, LLP’s “Construction Monitor Newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved. www.bdo.com

Categories
  • Agribusiness
  • Assurance, Advisory & Review
  • Blog
  • Business Consulting & Corporate Compliance
  • Current Opportunities
  • Employee Benefit Plans / 401(k)
  • Healthcare
  • High Net Worth Individuals
  • Manufacturing & Distribution
  • Newsletter Articles
  • Newsletters
  • Nonprofit
  • Press Releases
  • Privately Held Companies
  • Professional Services
  • Real Estate & Construction
  • Retail
  • Specialty Tax Services
  • T&C Family Office Group
  • Tax Planning & Compliance
  • Technology
  • Uncategorized
  • Valuation Services

SHARE THIS ON:

RELATED POSTS

SECURE 2.0 Act: What Is It and What Do You Need to Know About It?

What is it? The SECURE 2.0 Act went into law December 23, 2022, as part of the Consolidated Appropriations Act.  It is expected to reshape

Read More »

GASB Statement No. 101, Compensated Absences

In June 2022, the Governmental Accounting Standards Board (GASB) issued GASB Statement No. 101, Compensated Absences (GASBS 101 or Statement). The Statement updates the accounting

Read More »

A Closer Look at IRC Section 1031 Exchanges

By John Chenoweth, CPA What is an IRC Section 1031 Exchange? An IRC Sec. 1031 like-kind exchange is an effective method for investors to defer

Read More »

Contact Us

WEST PALM BEACH
Esperante Building
222 Lakeview Avenue
Suite 1200
West Palm Beach, FL 33401
(561) 798-9988
Fax: (561) 798-4053

FORT LAUDERDALE
The Main
201 East Las Olas Boulevard
Suite 1650
Fort Lauderdale, FL 33301
(954) 333-0001
Fax: (954) 765-0719

Twitter Facebook Instagram Youtube Linkedin
© 2023 Templeton & Company. All Rights Reserved. Website by Weber & Co.
Services
  • Audit & Attest
  • Advisory
  • Business & Tax
  • T&C Family Office Group
  • Pay My Bill
  • Audit & Attest
  • Advisory
  • Business & Tax
  • T&C Family Office Group
  • Pay My Bill
Industries
  • Car Wash
  • Construction & Real Estate
  • Government
  • Healthcare
  • Manufacturing & Distribution
  • Nonprofit Organizations
  • Privately-held Companies
  • Professional Services
  • Technology
  • Car Wash
  • Construction & Real Estate
  • Government
  • Healthcare
  • Manufacturing & Distribution
  • Nonprofit Organizations
  • Privately-held Companies
  • Professional Services
  • Technology
Firm
  • Overview
  • Our People
  • Our Community
  • Templeton Group
  • Overview
  • Our People
  • Our Community
  • Templeton Group
Careers
  • Experienced
  • Students
  • Benefits
  • Experienced
  • Students
  • Benefits
Cleantalk Pixel