Securing the Construction Industry from the Growing Threat of Cybercrime

The construction industry is no stranger to digital transformation, but with the increased use of technology comes increased risk. Construction companies increasingly rely on technology to manage projects, store data, monitor progress and communicate with other vendors on projects. This makes them more vulnerable to cyberattacks, which can have devastating consequences.

Cyberattacks are rising, with a 22% increase in significant attacks year over year, according to the Verizon Mobile Security Index 2022. Cybercriminals target construction companies to access confidential data, steal customer information, disrupt operations, or re-route payment or payroll transactions. For example, attackers may use malware to infect computers and gain access to financial information, passwords, and other sensitive data. They may also use phishing attacks to steal passwords or other information. With that information, they may try to change banking information, re-route payments, or demand a ransom in exchange for not exposing confidential or client information.

Cybercriminals Threaten the Construction Industry

Construction companies have been particularly susceptible to cyberattacks because cybercriminals know the industry is underprotected. This is supported by a 2022 study by KnowBe4, which used simulated phishing techniques to demonstrate that wide-net cyberattacks like email phishing scams have been particularly effective in targeting the construction industry. Construction views cybersecurity as a lesser business priority: just 64% say it’s a high priority versus 77% of businesses overall, according to the KnowBe4 study.

The construction industry is becoming increasingly reliant on digital tools and technologies, making it necessary to ensure that these tools are secure from cyber threats. The pandemic forced construction companies to replace in-person tasks with virtual equivalents. Adopting new technologies has helped companies achieve higher productivity by automating time-consuming administrative processes, simplifying communications and streamlining data management. However, these recent advances often come with more interconnectivity. Unfortunately, the more connected devices and software a company relies on, the more access points hackers can use to infiltrate that company’s cybersecurity system. Many industry leaders are concerned that mounting attacks must be met with adequate security measures. According to a study by Venafi, 82% of CIOs believe that their software chains are vulnerable to cyberattacks.

Protect Your Construction Company Against Cyber Threats

One of the most important steps that construction companies can take to protect their data is to ensure that all their systems and networks are properly secured. This includes:

  • Ensuring that all systems have the latest security patches
  • Limiting access to sensitive data
  • Using strong passwords and multi-factor authentication across all systems
  • Implementing advanced endpoint, network, and email security
  • Having a security operations center (SOC) watching your network 24x7x365
  • Providing security awareness training for employees

Many cybercriminals develop attacks by testing for weaknesses in software programs designed to protect against cyberattacks. If you haven’t implemented new cybersecurity tools in the last year, your defenses are probably outdated, and the more outdated cybersecurity software is, the more time cybercriminals have had to find vulnerabilities. Having a dedicated IT team to help regularly monitor and update cybersecurity software systems can help organizations stay ahead of cybercriminals. If an in-house IT team is not feasible, having a dedicated vendor can help facilitate and maintain a company’s cybersecurity program.

Consider penetration testing. It reveals how a cyberattacker could get into the system through vulnerabilities. This can help prioritize which vulnerable areas of the system should be addressed first. The penetration test gives a real-world picture of what a cyberattacker could do, what data they could get hold of and how that would impact the construction company.

Also, it’s important to establish a communication plan with all the vendors you work with. Make sure you establish procedures for how payment information is transmitted between you, and that those procedures include at least a phone call. On one project, there can be a lot of vendors involved and sizeable transactions taking place. The bad actors are banking on that, and on the lack of communication between those vendors. This is an area they are targeting, and often funds are transferred to the bad guys before anyone realizes what has happened.

As the industry continues to expand and evolve, so does the need for cybersecurity. The construction industry faces a growing security threat, and companies must take the necessary steps to protect themselves. Cybersecurity should be a top priority for construction companies, and taking the necessary precautions can help them avoid costly financial losses. To start a discussion on cybersecurity management or penetration testing, contact an Adams Brown Technology Specialist.