Why construction companies are targeted by cybercriminals


Construction companies are under attack daily from cybercriminals. One email in 2,349 sent to the construction industry in 2015 was a phishing email and one in 240 contains a virus, according to the latest Symantec Internet Security Threat Report. More worryingly, there were 3,700 reported security breaches in the sector.

90% of large organisations and 74% of small organisations had a security breach in 2015, according to PWC research for the British Government.

No business can afford to be complacent in the face of this evidence. Prevention is essential but companies also need to ensure that their security plans also deal with detecting attacks, mitigating them, business continuity and disaster recovery.

Construction under attack

Regardless of the size of your company, you are privy to confidential information from customers, such as contact details and addresses, credit history checks, and maybe even banking details. For some construction companies, information such as planning applications, design details, quotes and so on are commercially sensitive.

This is all information that is worth a lot of money online, making it a worthwhile risk for cybercriminals to try and steal it from you. On a grander scale, there is also the problem of industrial espionage. If your company is working on a huge project, less honest competitors may want to contract somebody to grab every bit of information they can get from you (involuntarily, of course). The largest projects can be market sensitive as well, so that insider information is intrinsically valuable.

Typical cyber threats

Virus attacks:

  • The most common cyber threats. Phones, tablets, laptops, PCs, servers and even websites can be attacked by viruses and, increasingly, they try to remain undetected while they send your confidential data to attackers but there is also a worrying rise in ransomware attacks which lock you out of your data until you pay a hefty ransom.


  • E-mails or other direct messages, like a Facebook or Instagram private message, will send you to a landing page where you will be required to submit confidential information, such as your banking details or login details. As with viruses, a multi-layered technical defence with firewalls, updates and anti-virus filtering can give a good measure of protection if it is up to date.


  • Cybercriminals can remotely access your network by bypassing your IT security if it is not up to snuff. Using a mix of technology, psychology and social engineering, deliberate attacks can bypass conventional security measures. This means that companies need to pay attention to access controls and compartmentalisation as well as staff awareness training.

Physical theft:

  • Breaking into an office or a site-trailer and stealing every electronic device in sight also constitutes a form of cyber threat. Once in the wrong hands, getting whatever valuable information from a SD card, a stolen hard drive, hard drive or even the SIM card of a phone is relatively easy for a tech savvy criminal. Mobile devices need extra protection, including two-factor or biometric authentication and encryption to prevent unauthorised access to data.

Contributing factors

As a company active in the construction industry, the nature of your business dictates a high turnaround of resources – human and material – as projects start and finish. Subcontractors and temporary specialised labourers who are spread across a varying number of project sites equates to a lot of phones, laptops, mobile desktop trailers and different access points to the various IT solutions you have in place. If your IT strategy and security is not up to the mark, the loss or theft of a mere tablet could cost you dearly.  

Use technology, but protect it as well

There is no way around it; technology is both a huge asset and a necessity to any company, including those operating in the construction industry. When done right, a cloud-based, well- encrypted, up-to-date and secured data ecosystem offers nothing but advantages as you have new time-saving and scalable resources at your disposal. That said, you need to be cognisant of the following:

  • Access-levels, security and compliance protocols for all your end-users.
  • Infrastructure security, for instance by using Microsoft business security tools.
  • Fall-back systems and disaster response procedures.
  • Third party liability insurance in case you are successfully attacked.

Fortunately, you don’t need to hire a full contingent of highly specialised IT-warriors just yet. There are many IT support services available to construction industry businesses of all sizes. With these, you can run your operations knowing full-well that you have an IT structure that is stable, cost-effective, agile and above all, secure.

Have you been thinking about checking up on your IT security and how you can improve your overall IT experience so that your company can focus on what they do best? Then download our guide to find out more about what IT solutions can do for you.