top of page

Survey reveals that 75% of businesses in construction industry hit by cyber-attacks in the last year

Whilst cyber-attacks on larger businesses make the news, such attacks on SMEs can break the bank.

With concrete evidence showing that 21% of businesses that identified security breaches ended in losing money, data, or other assets, and 81% of consumers opting for no involvement with companies that had suffered a data breach, the cost of a cyber-attack could be long-lasting.

As a construction business employing modern technologies, you might feel safe in the knowledge that the bulk of your operations take place offline and therefore assume that you are less vulnerable to cyber threats than businesses in other industries. Sadly, this is a common misconception as you don’t need to be a digital business to be a lucrative target for cyber criminals. In fact, over 75% of respondents within the construction, engineering and infrastructure industries replied to a recent Forrester survey revealing that they had been victim to a cyber incident within the last 12 months.

Let us ask the following questions:

  • Do you use a smartphone, tablets, and email to communicate with clients and suppliers

  • Do you store files from contracts to CAD drawings in cloud storage?

  • Do you have a corporate bank account and access this online or send quotes/invoices via email?

If you answered yes to any of those, then sadly you are at risk of becoming a victim of cybercrime. Ransomware is one of the main types of cyber-attacks that businesses in the construction industry are facing, this is where cybercriminals hold a operating system (usually a computer) hostage and then demands payment to restore access.

An example of this occurred when hackers were able to exploit a vulnerability in the company website of a construction services provider. The hackers were able to carryout a ransomware attack and encrypt the companies’ files and demand a ransom payment before access would be restored.

Entry points for cyber-attacks in construction

Here are a few of the tools you might be using day-to-day, and how they could be affected by a cyber-attack:

  • BIM (Building Information Modelling), 3D Printing, or CAD programmes – hackers could potentially change digital models and specifications to ultimately weaken the structure, posing real physical danger to your onsite employees and end users. They may even steal proprietary designs, impacting your competitiveness in the market.

  • Drones – popularly used in surveying, access to drone footage risks exposing commercially sensitive information such as site safety measures or building layouts.

  • Staff management software – unauthorised access to your staff’s shifts, employment information and personal details could result in anything from a muddled rota to identity theft.

  • Secure entry systems – security card passes are at risk of being cloned and digital locks could be controlled remotely, potentially locking employees out or allowing unauthorised personnel in.

  • Customer information – Bank account numbers, sort codes and email addresses are just some of the data you’ll be holding on your customers. When this is compromised, you risk real harm being inflicted upon them by malicious actors. There’s also the embarrassment of having to inform customers of what happened, impacting the organisation’s reputation.

  • Cloud-based software – the increased accessibility of cloud-based applications means an increased number of access points that cybercriminals could exploit.

  • IoT (Internet of Things) applications – IoT devices introduce a proliferation data without the security and visibility of more conventionally connected equipment, making them prone to hijacking and exposing the wider network to threats.

Raise the Roof of your Cyber Resilience

Once you’ve nailed the basics, it may seem like time to move on.

Unfortunately, online attackers are incredibly agile and can adapt quickly to overcome security protections, so your cyber security strategy will need to continuously evolve to keep up with the ever-changing risks.

Thankfully the Cyber Resilience Centre for the West Midlands is here to make sure you’re on the right path and offers a FREE core membership that gives you access to a range of free resources, toolkits, tips and support.

Alternatively, talk to us directly and let's lay the groundwork for your cyber security today.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page