
Construction and Cyber Risk: An Overview
Contributed by Angela McKerlich, Capri Insurance
Tender closings, electronic plan rooms, storage of documents and drawings, equipment buy and sell, and Linkedin. These are only a few examples of how advances in technology have increased efficiency, productivity, and precision in the construction industry — and to virtually every business and industry. It has also added another element of complexity for owners and executives to manage.
Behind this online world for each business lives the IT machines that make it go. Hardware, software, servers, back-ups (physical and cloud-based) are deployed by in-house or third party IT specialists with an almost blind faith from management, in hopes that the anti-virus, spam filters, patches, and other proactive measures are effective in preventing a breach. This is the new reality of the cyber world in construction. This type of risk is hidden and is not as tangible as other risks. Most businesses recognize the overt nature of risks such as a fire or a slip and fall and select insurance to ensure their business would be able to withstand a loss caused by such perils. Cyber insurance coverage is not yet dealt with in this same regard, but the devastation it can wreak on a business has the potential to be just as catastrophic.
A hazard such as a fire has protocols and procedures that are designed to mitigate risks – inspections, suppression systems, and risk management practices. Cyber protection of a business should also employ a rigorous process to develop both a risk prevention and incident response plan. Most cyber insurance applications serve as a catalyst in moving towards this process. The questions posed in these applications — including how data is backed up, how fast operations can be reestablished in the case of an attack, and who the best cyber-restoration partners are — quickly determine whether your protocols for preventing a cyber-attack are adequate and consistent with best practices.
Cyber risks are generally not covered under traditional commercial property or liability policies and often require their own standalone policy. While it is recognized that every business has different needs, the minimum coverages for a cyber policy is 1st party coverage (including privacy breach notification expenses, restoration of systems etc.) and 3rd party liability. As legislation becomes more stringent and demanding of the security surrounding the private information of customers, the need for adequate 3rd party cyber liability limits is paramount. The buyer must beware of inexpensive insurance solutions offered as many of these extensions of coverage provide only counselling services in case of a breach. To compare with traditional insurance, that would be similar to having someone coaching you on how to repair drywall when really what you need is someone to come and fix the wall!
These coverages have the potential of creating a false sense of security if not understood properly. There is value in having these resources available on the line for consultation, but it is important to recognize that they won’t be the boots on the ground dealing with your breach or system failure.
Insurance advisors are now actively introducing the concept of cyber insurance to their customers. These discussions must occur and be translated to owners and managers with real-life operational examples to make the risk tangible. High profile cyber-attacks do not necessarily resonate with smaller businesses. However, when contractors recognize that they can be hacked, held ransomed for days, or be victims of social engineering fraud, they understand the devastation this would have on their businesses.
Claims Example of Social Engineering Fraud
The controller of a private distributor of component parts was responsible for making regular payments to overseas vendors from which the company purchased product for resale in the United States. After many months of working with the vendor and receiving regular shipments, the controller received an email that appeared to come from his contact, indicating that the vendor’s bank was having issues with accepting payments, and asked if the next payment could be made to a new bank. The vendor was located overseas, making verification a challenge. After some pressure was applied by the supposed vendor, the invoice was paid by wire transfer. The following month, when the real vendor realized that its best customer was late on its payment, an investigation determined that the vendor’s email was hacked and an imposter had been socially engineering the company into believing that the change in bank information was authentic. In the end, almost $250,000 was handed over to the fraudster.
Should you wish to have further information or discussion, please give any of our trusted construction advisor’s a call!
Angela McKerlich, Contract Surety Advisor
Brad Sieben, Cyber Advisor, Kelowna
Ryan Fairburn, Construction Risk Advisor, Vernon
Paula Garrecht, Construction Risk Advisor, Kelowna
Lana Hunnie, Construction Risk Advisor, Kelowna
Matt Arruda, Construction Risk Advisor, Kelowna
Morly Bishop, Construction Risk Advisor, Kamloops
Angela is a partner at Capri Insurance, where she manages the construction surety division. Angela has worked in the insurance industry for over 25 years and is a leading expert in innovative surety solutions, educating and teaching contractors, public owners, consultants, accountants, and trade students.
This article first appeared in the Fall 2017 issue of SICA's Construction Review Magazine. To read the entire magazine click here.

.png)
BC Government Releases Standardized Housing Designs

BCCA Industry Alert

WorkSafeBC Press Release

SICA Golf Tournament June 7th 2024

Unlocking Efficiency and Innovation: The Power of Building Information Modelling (BIM)

SICA Contractor's Breakfast 2024

BC Budget 2024

Revolutionizing Canada's Construction Industry: The Federal Prompt Payment Legislation

Young Builders Launch Party Wrap Up

CCO Workshop 2024

Membership Appreciation Evening Wrap Up 2023

CCA Hill Day 2023

EBT Flu Clinic Dates

SICA Golf Tournament September 2023

Long Term Members 2022/2023
.png)
Trap & Skeet 2023 Wrap-up

SICA Golf Tournament June 23rd 2023

Industry Awards of Excellence

BC Land Title & Survey Online Filing Process


Join the Virtual Webinar
.png)
The SICA September Golf Tournament was a hit!


Farewell to our Education Admin and Hello to our new SICA staff 2022

CCO Workshop 2022
.png)
MOTI and Infrastructure BC Seeking Interest From Qualified Firms For BC Highway Reinstatement Program RFQ

Prompt Payment Included in ‘Report on the Budget 2022 Consultation’

Regional Construction Associations Partner with BCCA Employee Benefit Trust to Provide Flu Shots for Industry

B.C. associations call on province to practice fair, transparent procurement

SICA announces 2020/2021 Industry Awards of Excellence Finalists

2021 Annual Report

Kelowna Crane Incident Legacy Education Fund
#Hangahighvisoutside

Brooklyn Site Crane Accident Statement

Construction Fast Lanes for COVID-19 Vaccine

Every Child Matters - Indigenous History Month
.jpeg)
Latest Construction Industry Statistics Reveal Strength Despite Pandemic Challenges
.jpeg)
BCCA Response to BC Budget 2021
.png)
CCA Responds to 2021 Federal Budget

Construction Month 2021

BuildForce Canada releases annual 10-year forecast

SICA training courses prove practical and meaningful to students

2021 Gold Seal Program Changes

Building Forward: Virtual Conference 2021

Nomination Period Opens for SICA’s Industry Awards of Excellence

Meet SICA's 2020 New Board Members

SICA's 2020 Annual Report

COVID-19 Update
Membership Benefits
As a Member you are a part of a collective voice, the SICA voice. Together, our voice is changing the construction community and helping your business grow through advocacy, networking events, affinity programs, direct business leads and more. Our voices promotes fairness, transparency and open communication in the construction industry. Join SICA to grow your business today and be a voice for our industry tomorrow.
JOIN NOW