Cybercrime: Building An Effective Defense

Kathryn Richter has worked within the construction sector for more than 30 years.

SAN FRANCISCO—Cyberthreats against American businesses are increasing in scale, sophistication and severity, with global costs to businesses projected to exceed $2 trillion by 2019. Construction companies are not immune, and can be especially attractive targets if they frequently contract with government agencies, are involved in government-sponsored projects or partner extensively with other businesses. Companies in the construction industry that work on the same project are often extensively interconnected, sharing access to networks and highly confidential information. This makes them an attractive target for those seeking proprietary information and confidential business secrets such as bids, plans and specifications, which can be extremely valuable to competitors, domestic and foreign.

Despite the risk and the staggering costs of data breaches and cyber attacks, both as a business loss and a compliance risk under applicable contractual and governmental security requirements, many companies do not have a plan in place for dealing with them. According to the PwC Global Economic Crime Survey 2016, only 37% of respondents reported having a fully operational incident response plan in place. Almost a third had no plan at all, with 14% of respondents not even intending to implement one.