Construction and Cyber Risk: An Overview

Contributed by Angela McKerlich, Capri Insurance

Tender closings, electronic plan rooms, storage of documents and drawings, equipment buy and sell, and Linkedin. These are only a few examples of how advances in technology have increased efficiency, productivity, and precision in the construction industry — and to virtually every business and industry. It has also added another element of complexity for owners and executives to manage.

Behind this online world for each business lives the IT machines that make it go. Hardware, software, servers, back-ups (physical and cloud-based) are deployed by in-house or third party IT specialists with an almost blind faith from management, in hopes that the anti-virus, spam filters, patches, and other proactive measures are effective in preventing a breach. This is the new reality of the cyber world in construction. This type of risk is hidden and is not as tangible as other risks. Most businesses recognize the overt nature of risks such as a fire or a slip and fall and select insurance to ensure their business would be able to withstand a loss caused by such perils. Cyber insurance coverage is not yet dealt with in this same regard, but the devastation it can wreak on a business has the potential to be just as catastrophic.

A hazard such as a fire has protocols and procedures that are designed to mitigate risks – inspections, suppression systems, and risk management practices. Cyber protection of a business should also employ a rigorous process to develop both a risk prevention and incident response plan. Most cyber insurance applications serve as a catalyst in moving towards this process. The questions posed in these applications — including how data is backed up, how fast operations can be reestablished in the case of an attack, and who the best cyber-restoration partners are — quickly determine whether your protocols for preventing a cyber-attack are adequate and consistent with best practices. 

Cyber risks are generally not covered under traditional commercial property or liability policies and often require their own standalone policy. While it is recognized that every business has different needs, the minimum coverages for a cyber policy is 1st party coverage (including privacy breach notification expenses, restoration of systems etc.) and 3rd party liability. As legislation becomes more stringent and demanding of the security surrounding the private information of customers, the need for adequate 3rd party cyber liability limits is paramount. The buyer must beware of inexpensive insurance solutions offered as many of these extensions of coverage provide only counselling services in case of a breach. To compare with traditional insurance, that would be similar to having someone coaching you on how to repair drywall when really what you need is someone to come and fix the wall!  

These coverages have the potential of creating a false sense of security if not understood properly. There is value in having these resources available on the line for consultation, but it is important to recognize that they won’t be the boots on the ground dealing with your breach or system failure.

Insurance advisors are now actively introducing the concept of cyber insurance to their customers. These discussions must occur and be translated to owners and managers with real-life operational examples to make the risk tangible. High profile cyber-attacks do not necessarily resonate with smaller businesses.  However, when contractors recognize that they can be hacked, held ransomed for days, or be victims of social engineering fraud, they understand the devastation this would have on their businesses. 

Claims Example of Social Engineering Fraud

The controller of a private distributor of component parts was responsible for making regular payments to overseas vendors from which the company purchased product for resale in the United States. After many months of working with the vendor and receiving regular shipments, the controller received an email that appeared to come from his contact, indicating that the vendor’s bank was having issues with accepting payments, and asked if the next payment could be made to a new bank. The vendor was located overseas, making verification a challenge. After some pressure was applied by the supposed vendor, the invoice was paid by wire transfer. The following month, when the real vendor realized that its best customer was late on its payment, an investigation determined that the vendor’s email was hacked and an imposter had been socially engineering the company into believing that the change in bank information was authentic. In the end, almost $250,000 was handed over to the fraudster.

Should you wish to have further information or discussion, please give any of our trusted construction advisor’s a call!

Angela McKerlich, Contract Surety Advisor
Brad Sieben, Cyber Advisor, Kelowna
Ryan Fairburn, Construction Risk Advisor, Vernon
Paula Garrecht, Construction Risk Advisor, Kelowna
Lana Hunnie, Construction Risk Advisor, Kelowna
Matt Arruda, Construction Risk Advisor, Kelowna
Morly Bishop, Construction Risk Advisor, Kamloops

Angela is a partner at Capri Insurance, where she manages the construction surety division. Angela has worked in the insurance industry for over 25 years and is a leading expert in innovative surety solutions, educating and teaching contractors, public owners, consultants, accountants, and trade students.  

This article first appeared in the Fall 2017 issue of SICA's Construction Review Magazine. To read the entire magazine click here.

8F - 2006 Mack Dump Truck.jpg
December 13, 2017

Member Spotlight: Ok Excavating

Adaptability, initiative, and customer service are the keys to longevity for a local commercial and residential excavation business in Kelowna. OK Excavating is celebrating 50 years of business in 2017 and, in those years, has undergone many evolutions.
Read More
7-1 BCCA Trish before.jpg
December 06, 2017

Employee Benefits are Your Secret Weapon when Life Gets Tough!

As a Client Services Associate with BCCA Employee Benefits, my job revolves around helping companies and their employees with their benefits. I know how important my work is, but when I started new jobs in the past, I often wondered whether the premiums were worth it. I am young and healthy, so is it worth the cost? I learned the true value of having employee benefits when, in a moment frozen in my mind, I heard the dreaded “c” word – cancer.
Read More
November 29, 2017

Construction and Cyber Risk: An Overview

A hazard such as a fire has protocols and procedures that are designed to mitigate risks – inspections, suppression systems, and risk management practices. Cyber protection of a business should also employ a rigorous process to develop both a risk prevention and incident response plan. Most cyber insurance applications serve as a catalyst in moving towards this process.
Read More
November 15, 2017

Could Tax Issues Throw Your Business Off Track?

To stay on track, real estate and construction companies should develop a better understanding of where tax issues are likely to complicate or disrupt their business — and develop a plan to mitigate those risks well in advance.
Read More
November 08, 2017

Top Five Reasons for Having an Employee Benefits Plan

One of the biggest investments employers can make is in their employees. And it makes sense to want productive, healthy, and engaged employees. Employees with poor health cannot exert the effort required to be highly productive, and you need engaged employees in order to create innovative solutions.
Read More
August 30, 2017

Obligation of Good Faith in Contracting

The Supreme Court of Canada changed the legal landscape for contracts in the decision of Bhasin v. Hrynew, [2014] SCC 71. This decision created a new common law obligation of good faith that applies to all commercial contracts.
Read More
August 23, 2017

Embracing the Purpose Era

Regardless of the size of your business or the sector you operate in, the purpose movement is shaking up the rules of business and ringing in a new era where business is an active participant in making the world a better place.
Read More
April 05, 2017

Reaching the Millennials | Attracting the right people is in how the story is told

With businesses adjusting to the era of the happy workplace, concepts such as social responsibility, company culture, and employee engagement are common buzz words used around the open-concept, flexible, shared workspace. They are used more so as companies shift their recruiting focus toward the millennials, the largest generation in the workforce today.
Read More
May 09, 2016

SICA's New Website Launches

We are excited to announce that our new website is live! We have been busy working behind the scenes and are so excited for you to utilize all the new features.
Read More
October 15, 2015

Kelowna Yacht Club takes top honors

Kelowna Yacht Club was the Judges’ Choice best overall entry winner in the 7th Annual Southern Interior Construction Association Commercial Building Awards Thursday night at the Coast Capri Hotel.
Read More

Commercial Building Awards - Finalists Announced!

A spectacular assortment of commercial and industrial buildings have been named as finalists for the 8th Annual Southern Interior Construction Association Commercial Building Awards, set for Thursday, Oct. 27 at the Four Points Sheraton Hotel in Kelowna.
Read More