If you work in the industry, you are likely all too familiar with the usual risks involved in construction. Many construction company owners, however, don’t consider the dangers that could lurk in their inboxes. Take this scenario, for example.
You receive an email from your largest client asking you to confirm an invoice is paid. Confused, you respond that you didn’t send an invoice, and to your shock, he forwards you an emailed invoice that looks like it came from you. You check your sent mail and confirm with team members that no invoice was sent. Then you notice the account number isn’t yours and you don’t recognize the information.
After some quick investigating, you discover your system has been hacked and your client just sent thousands of dollars to a criminal. Your client will likely never get the money back, and now one of your biggest clients is worried you don’t have good security measures in place.
Unfortunately, this is a real story that happens daily in the U.S. Construction companies who haven’t faced a situation like this often think cyber security doesn’t apply to them. After all, you have an insurance policy to cover it, right? Well, maybe. Gaps in your coverage could make you liable for more than you think.
Cyber Risks in Construction
With the growing use of technology in the construction industry, firms are more vulnerable than ever to cyber security threats. The amount of work done on online with computers or tablets—from building information modeling (BIM) to invoices and everyday communication—exposes construction companies to countless security threats and cyber liability. If a company isn’t adequately protected against cyber attack, the costs could be financially crippling.
Cyber attacks are a constant threat and can expose companies to major liability. For example, if you unknowingly send someone a virus that attacks their computer system and gives a hacker access to sensitive personal information, it could come back as a claim against your cyber liability policy. The problem is there is no standard policy, and what’s covered can vary among the options.
Cyber policies with limited coverage can be added as an endorsement to your general liability policy, but a stand-alone policy will provide much better coverage and protect you from a broader range of issues.
Some things to look for in your cyber coverage include:
Data breach/privacy code — This should spell out who is responsible for expenses related to the management of an incident, such as the investigation, remediation, data subject notification, call management, credit checking for data subject, legal costs, court attendance and regulatory fines.
Multimedia/media liability — If your employees post to social media on the jobsite or take photos and videos, there is always the possibility of them getting footage of injuries or safety violations. In addition to having a social media policy in your employee handbook — including how the name of the company can be used — you can also customize your insurance policy to cover any potential liability. Covered third-party damages can include specific defacement of a website and intellectual property rights infringement.
Extortion liability — This will address losses if criminals take control of your network and block your access until you pay them a ransom. Coverage also includes professional fees for dealing with extortion.
Network security — This will detail third-party damages as a result of denial of access, costs related to data on third-party suppliers and costs related to the theft of data on third-party systems.
Some of these elements may overlap with coverage from existing products, including those for business continuity, third-party supply chain issues, and professional indemnity. Work with your insurance agent to ensure that even if an overlap exists, your cyber liability policy will cover identified risks.
While the ripple effect of high-profile cyber attacks seems to regularly make the news, any type of cyber breach can cripple an organization (e.g., cause costly downtime or damage to reputation). Align yourself with the right risk management and IT teams, and you’ll be less likely to fall victim to these attacks. The experienced and knowledgeable cyber risk team at McClone is here to provide guidance and practical recommendations to help protect your business.
Previously published in the October 2016 issue of Construction Business Owner
Specializing in national accounts headquartered in Wisconsin, we are your comprehensive risk management partner for business insurance, employee benefits, HR solutions, 401K services and personal insurance to protect and boost your bottom line.