Skip to main content

Article

Top risks for contractors in H1 2025: Bidding and contracting, climate and sustainability, and cyber challenges

Explore top construction risks for contractors in 2025, including bidding & contracting, climate, and cyber challenges and learn risk mitigation strategies.

Contractors in the US are navigating an increasingly difficult risk landscape. Complex bidding and contracting risks, as well as elevated challenges due to severe weather events, and the potential repercussions of cyber threats are underscoring the need for proactive risk management strategies.

As construction firms continue to operate within a dynamic and often unpredictable risk environment, there is a growing imperative to strengthen risk mitigation efforts and optimize insurance programs. 

In our recent article — Top risks for contractors in H1 2025: Workforce, financial, and supply chain challenges — we explored three of the top risks outlined in Marsh’s Global Construction Risk Review 2025. In this article, we explore three other significant challenges that, unless properly addressed, could impact contractors’ competitiveness and growth.

selected option

Mitigating increasingly complex bidding and contracting risks.

As contractors navigate a hyper-competitive landscape, the risks associated with bidding and contracting become increasingly pronounced. Mounting pressure to submit competitive bids — often based on incomplete information — can push some contractors to present bids that are ultimately found to be insufficient for the scope of the project. Aside from the risks of financial distress if a project exceeds initial estimates, this situation may strain relationships with project owners. Many project owners have reduced the bid process to fee and general conditions, which does not allow much wiggle room for costs that are not directly related to trade. 

To better mitigate these risks, contractors must adopt robust risk management strategies during the bidding and contracting phases. When possible, it is ideal to conduct thorough due diligence — including a comprehensive review of project specifications, site conditions, and potential challenges — before submitting a bid. 

Contractors may also consider implementing a structured bidding process that includes input from various stakeholders to better inform decision-making and improve bid accuracy. It is also critical that business development, estimate, and risk management teams work together to vet projects and determine whether they are in line with their development strategies. Contract language can expose contractors to significant liabilities, underscoring the importance of carefully reviewing contract terms and conditions with legal counsel. Clear contractual language regarding responsibilities, payment terms, insurance procurement, and change order processes can help reduce the risk of misunderstandings and disputes.

Additionally, well-designed insurance programs — including owner-controlled insurance programs, contractor-controlled insurance programs, and builders’ risk policies — can protect against potential liabilities arising from unforeseen events, helping contractors enhance their overall risk management strategy. General liability coverage, for example, can protect against third-party claims for bodily injury or property damage.

Enhancing resilience amid more frequent and severe weather-related events

The frequency of severe weather-related events — including tornadoes, wildfires, and severe storms and flooding — is on the rise. According to the National Oceanic and Atmospheric Administration (NOAA), in 2024, the US experienced 27 disasters that exceeded one billion dollars in damages, totaling $182.7 billion. This surpasses both the average annual costs and the number of such events over the past five years, highlighting a concerning trend of increasing climate-related risks.

At the same time, extreme heat is a major concern that can bring financial challenges. In the US alone, the annual economic losses from extreme heat are estimated to be around US$100 billion and could double by 2030 and quintuple by 2050 unless climate change is addressed.

For project owners, developers, and contractors, severe weather events can lead to worker shortages, supply chain disruptions, and extensive property damage. And while less than 4% of US-based respondents to our survey selected environmental and climate risks as their top business challenge, our data shows that there is recognition of the potential challenges related to climate and sustainability risks. In fact, 93% of US-based respondents noted that climate and sustainability risks could impact costs, just under 90% said these risks could lead to regulatory burdens, and 65% said they would lead to physical damage (see Figure 1).

 

Figure 1: Climate and sustainability risks could lead to rising costs, regulatory concerns, and property damage

Sophisticated project owners are keenly aware of the potential impacts of severe weather events and are reviewing and assessing design standards to develop more resilient structures. There is also recognition of the increased frequency of catastrophic events, which is then reflected in design plans. Measures to address climate-related risks include raising site levels and ensuring that critical equipment is elevated. 

Despite the potentially devastating impact of severe weather, data from our global survey shows a relatively low adoption of climate risk management strategies  (see Figure 2 ). Less than a third of respondents carry out assessments of physical climate risks, including on their supply chains. Considering the complexity of supply chains, lack of visibility beyond tier 1 suppliers could lead to unforeseen challenges, underscoring the importance of using tools, such as Marsh McLennan’s Sentrisk, to help identify unknown vulnerabilities, potentially improving your ability to continue operating even when one supplier is affected by severe weather.

 

Figure 2: Low adoption of climate risk management strategies

Digitization puts increased focus on cybersecurity

Builders and contractors are integrating new technologies to improve efficiency and productivity and support growth. Data from our global survey shows that a significant percentage of construction firms are using or plan to use a variety of technologies to aid them in their work (see Figure 3).

Figure 3: Construction firms using a wide range of technologies

However, while these innovations provide numerous benefits — including improved project oversight, faster information flow, and potential cost savings — the rapid adoption of technology is introducing heightened cybersecurity risks. In fact, our global survey shows that more than a third of respondents have seen increases in phishing attacks, data breaches, and ransomware incidents over the last 12 months (see Figure 4). 

Cyber incidents increasing for more than a third of construction companies

The changing risk landscape underscores how critical it is for construction companies to implement cybersecurity measures that allow them to become more resilient to potential threats, especially these key risks:

  • Phishing. The rise of AI-generated deepfakes and highly convincing social engineering tactics emphasizes the importance of employee training in recognizing phishing emails and suspicious communications to minimize the risk of breaches. 
  • Data breaches. Construction companies increasingly use technology to generate, collect, and analyze real-time insights. Mishandling this information, whether through accidental disclosure or due to a malicious attack, can lead to regulatory penalties, legal liabilities, and reputational damage. Construction companies should consider developing or improving an existing comprehensive privacy strategy that determines how data is handled to protect both the company’s and its clients’ information. 
  • Ransomware. While recent Marsh data indicates a decline in ransomware payment rates, ransomware remains a significant threat. Attackers continue to target construction firms, encrypting critical data and demanding payments. Strong cybersecurity controls, regular backups, and robust incident response plans are vital to mitigating this risk. It’s also important to note that paying a ransom does not guarantee data recovery, underscoring the value of focusing on prevention. 
  • Supply chain risk. Construction firms rely on a complex network of suppliers, subcontractors, and technology providers. Today’s pervasive interconnectivity means that construction companies need to pay attention to the cyber risk controls of their third-party suppliers. Managing supply chain risks requires understanding the entire digital ecosystem, identifying and assessing potential risks coming from all sources, and taking action to minimize vulnerabilities from external sources.

As construction companies continue to digitize their operations, their exposure to cyber threats is likely to increase, requiring a comprehensive approach to mitigating these risks. Combining robust cybersecurity measures with tailored cyber insurance and regularly reviewing and updating security protocols can help firms stay ahead of emerging threats. 

Talk to us

Contact us to get in touch with a Construction specialist, request a demo to learn more about a specific solution, or submit a sales inquiry.

Related insights