Do you remember the Target data breach at the height of the 2013 holiday shopping season? It exposed sensitive information from 70 million customer records as well as 40 million credit and debit records. The incident cost Target $202 million and ranks among the biggest data breaches in United States retail history.
You may not remember or have realized how this breach illustrates the importance of cyber security for contractors. Hackers used credentials they stole through a data connection Target maintained with one of its third-party contractors, a refrigeration and HVAC vendor.
Nearly a decade later, contractors’ cyber security—or lack thereof—remains a pressing concern.
Most recently, cyber risks that construction contractors face have been in the spotlight. Construction companies reported 13.2% of ransomware attacks in North America in 2021, according to SafetyDetectives. That figure puts them behind only manufacturing (13.9%) and government organizations (15.4%).
And experts warn cyber attacks against construction firms could do more than jeopardize sensitive data and compromise the supply chain. The attacks could threaten automated systems that ensure the integrity and safety of materials.
At ProWriters, we know brokers sometimes find Cyber Liability Insurance (“Cyber”) a tough sell to contractor firms. These business owners often think they aren’t at substantial risk of a cyber incident.
Once, they may have been correct. But now contractors can’t assume they have low exposure to data breaches, ransomware attacks, business email compromise (BEC), or other cyber incidents.
Here’s some basic information about Cyber for contractors. Use it to educate your contractor clients about their risk. Use it also to help convince them they need the protection and peace of mind Cyber Insurance coverages provide.
Why Contractors Are Facing Greater Cyber Liability Risks
Granted, many contractors’ websites don’t process financial transactions. Payments may happen face-to-face or via wire transfer. But any website, whether it accepts payments or not, can become a criminal’s back door into a business. Even small and medium-sized enterprises—contractors included—incur some cyber risk when they use the internet.
Let’s look again at construction companies. Several factors make them a tempting target for threat actors, according to the National Law Review. The construction industry:
- Leaves cyber security largely unregulated
- Conducts transactions involving “significant amounts of personal information and sensitive business data,” often from several parties
- Uses an increased amount of artificial intelligence and robotics, thus raising more data security and privacy issues
Construction Executive points to many reasons contractors in this sector are vulnerable. Among them:
Social engineering is prevalent.
Social engineering attackers use deceptive phishing emails or other messages to trick targets into voluntarily transferring credentials or property, including money via wire transfers.
In 2019, construction IT expert Everardo Villasenor told Engineering News-Record, “Phishing is the biggest risk because there are many financial transactions conducted over electronic communications.”
Contractors have exploitable access to clients.
Businesses may give contractors access to their networks and internal processes. Contractors need such access to do their work. But criminals can abuse it.
In addition, contractors often use their own computers to connect to clients’ networks. For instance, the laptop an electrical subcontractor uses may not have strong cyber security software in place or may already be infected with malware.
Cyber crime can disrupt business and damage reputations.
Cyber attacks not only put sensitive information like building designs and credit card numbers at risk of exposure, but they can also make it impossible for contractors to communicate with clients, subcontractors, and vendors, leading to project delays and lost profit.
And fairly or unfairly, cyber incidents can deal a blow to a contractor’s reputation. Prospective clients may think twice about hiring a contractor. Existing clients may also get cold feet and take their business elsewhere.
Helping You Explain Why Cyber Insurance for Contractors Matters
Again, construction contractors aren’t the only ones facing increased cyber risk. All contractors who use interconnected technology to do business should pay more attention to cyber threats.
If they don’t, they may end up paying more money than they can afford.
Per IBM, the average cost of a data breach in the U.S. is $9.44 million. The price tag is less for small businesses—but costs of $120,000 to $1.24 million are still significant, and too much for many small enterprises to bear.
Cyber Insurance coverages can help contractors meet the costs associated with a cyber incident. These costs, not normally covered in Commercial General Liability Insurance or even in typical crime policies, include:
- Ransomware payments and financial loss due to social engineering
- Forensic IT costs to determine the exact cause and extent of a data breach
- Losses incurred during business interruption
- Attorneys’ fees and other legal costs
- Cost of providing credit monitoring to affected third parties
- Public relations campaigns and losses due to reputational harm
In addition, Cyber Insurance for contractors can give them an edge when competing for contracts. Potential clients will know the contractor takes cyber security seriously. Indeed, more clients now require that contractors carry a Cyber Liability policy.
For more help making your contractor clients aware of their cyber risk, download our free eBook, Cyber Exposure: What’s the Real Cost? It can help you make the case for Cyber for contractors in any industry.