The construction industry is becoming increasingly digitalized. While the adoption of new technologies and digital processes brings a number of advantages to construction businesses, it also increases the risk of being targeted by a cyberattack.
A National Cyber Security Centre and Chartered Institute of Building report found that construction businesses may be viewed as easy targets by cyber criminals. This report found that many smaller and mid-sized companies can be reluctant to invest time, money, and training into what they perceive as an unlikely threat.
Additionally, the report reveals that construction businesses are a common target for spear phishing – a type of email scam purporting to be from a known or trusted sender and designed to mislead the recipient into revealing confidential information – as a result of their extensive use of subcontractors and suppliers, leading to a large number of high-value payments to third parties.
Cyber risk has grown exponentially in recent years as more sophisticated and persistent cyberattackers continue to target the ever-increasing number of technology-reliant organizations in different industries around the globe.
The rise in the number of claims, together with a more hazardous risk landscape, has led to higher cyber insurance rates and increased underwriting scrutiny. And while Marsh data shows that cyber insurance take-up rates have steadily increased in the last several years, there is still a widespread misunderstanding about the value of cyber insurance and questions about the process to secure coverage.
In a recent episode of Marsh’s Risk in Context podcast series, we address some of the most common cyber insurance myths, including:
- Cyber is uninsurable
- Cyber security measures eliminate the need for cyber insurance
- Cyber insurance policies don’t pay claims
- Procuring cyber insurance is overly cumbersome