Part One


True or False? The construction industry is the most targeted industry for cases of ransomware. You might question this statement and instead point to other industries that might come to mind, such as business services or finance. However, NordLocker found that the construction industry topped the list at 142 cases of ransomware attacks, surpassing the finance sector, which came in at 123, and business services, which totaled 99. In honor of National Construction Appreciation Week, which spans from September 18th to the 22nd, we wanted to take this opportunity to highlight an issue that has greatly affected the construction industry and provide some informational resources.

In Part 1 of this article, we will first review some common terminology used to refer to different cyber-related incidents and incorporate various statistics to illustrate how cyber-related incidents are becoming more prevalent. Part 2 of the article series will explore in detail the potential factual scenarios that could result and have concerning cyber-risk exposure for various construction and construction- related entities.

Defining Various Cyber Risk Exposures and Illustrating the Trends of how Cyberattacks have Evolved

While some are very familiar with the terminology used to describe various types and/or forms of cyber-related attacks, others are not, so it’s necessary to briefly review the following categories: ransomware, phishing, social engineering, and invoice manipulation. This list is not an all-inclusive one, but it does highlight just some of the common forms of cyberattacks that can have far-ranging and long-lasting impacts.

  • Ransomware: First, Verizon’s 2023 Data Breach Investigations Report (“2023 DBIR”) describes ransomware as “malicious software (malware) that encrypts an organization’s data and then extorts large sums of money to restore access.” Are the costs of a ransomware attack significant? Are those costs on the rise? In this same report, the answers to both of those questions are a resounding “yes” and “yes.” In fact, “[t]he median cost per ransomware more than doubled over the past two years to $26,000, with 95% of incidents that experienced a loss costing between $1 and $2.25 million.” Almost a quarter percent of all cyber breaches (24%) is attributed to ransomware, allowing for this particular cyber-attack method to continue to be one of the most frequently
  • Phishing: Next, phishing “involves a hacker sending a request, often in the form of an email, designed to look like it has been sent from a trusted organization or company. Phishing emails attempt to entice a recipient to give up sensitive data (such as a password) or download an attachment containing malware” as explained by Maryville University’s “Types of Security Breaches: Physical and Digital” article. How are other countries impacted by phishing? In the U.K., for example, it was found that of the cyber-attacks reported in 2022 83% of businesses in the U.K. indicated that phishing was involved according to AAG IT Services. On a global scale, in 2021 alone 323,972 internet users who were victims of cyber-incidents noted that phishing was the source. It’s a real problem that is affecting both businesses and individuals on a global scale!
  • Social Engineering: Phishing and social engineering are interconnected. Social engineering is defined by Verizon as “manipulating an organization’s sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.” There are multiple forms of social engineering at work today. In the 2023 DBIR report, it was noted that “social engineering is a lucrative tactic for cybercriminals, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC). The median amount stolen in BECs has increased over the last couple of years to $50,000 USD, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year. With the growth of BEC, enterprises with distributed workforces face a challenge that takes on greater importance: creating and strictly enforcing human-centric security best practices.”
  • Invoice Manipulation: Finally, there is invoice manipulation. As explained by a LinkedIn article, “Fighting Cyber Crime: The Rise of Invoice Manipulation & Social Engineering Schemes,” invoice manipulation can occur when “[a] cyber criminal deceives [your client] by sending a false or manipulated invoice for goods or services that were not delivered or rendered.” As you can imagine, the construction industry, like many others, receives and processes payment for invoices frequently and for essential services and/or goods for its business to succeed. The differences between that of an authentic invoice and one manipulated to look like a legitimate invoice may be very slight and easy to miss, especially when there are high volumes of invoices received. If in doubt, take that extra time to verify – that short-term investment of time could have some very tangible benefits! For those interested in exploring coverage options available for invoice manipulation scenarios, such coverage would be considered third-party coverage. Essentially, such situations in the construction industry could arise where the bad actor could be impersonating either a construction client or an entity associated with that construction client, such as that of a supplier or a consultant. Then, the bad actor tricks the chosen target into paying funds to it rather to the authentic entity. Even for those construction firms that have sophisticated cyber controls in place, there really is not a means to avoid such invoice manipulation schemes, especially as they become more sophisticated.


The second article in this series will identify specific instances of cyber-compromise that have occurred in construction and/or construction-related industries, spanning from 2019 to 2020.


Synapse Services LLC does offer enhanced cyber insurance coverage options. Please contact one of our producers if you are interested in receiving more information about the enhanced options available.

By: Jessica Cambridge

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>