
Construction and Cyber Risk: An Overview
Contributed by Angela McKerlich, Capri Insurance
Tender closings, electronic plan rooms, storage of documents and drawings, equipment buy and sell, and Linkedin. These are only a few examples of how advances in technology have increased efficiency, productivity, and precision in the construction industry — and to virtually every business and industry. It has also added another element of complexity for owners and executives to manage.
Behind this online world for each business lives the IT machines that make it go. Hardware, software, servers, back-ups (physical and cloud-based) are deployed by in-house or third party IT specialists with an almost blind faith from management, in hopes that the anti-virus, spam filters, patches, and other proactive measures are effective in preventing a breach. This is the new reality of the cyber world in construction. This type of risk is hidden and is not as tangible as other risks. Most businesses recognize the overt nature of risks such as a fire or a slip and fall and select insurance to ensure their business would be able to withstand a loss caused by such perils. Cyber insurance coverage is not yet dealt with in this same regard, but the devastation it can wreak on a business has the potential to be just as catastrophic.
A hazard such as a fire has protocols and procedures that are designed to mitigate risks – inspections, suppression systems, and risk management practices. Cyber protection of a business should also employ a rigorous process to develop both a risk prevention and incident response plan. Most cyber insurance applications serve as a catalyst in moving towards this process. The questions posed in these applications — including how data is backed up, how fast operations can be reestablished in the case of an attack, and who the best cyber-restoration partners are — quickly determine whether your protocols for preventing a cyber-attack are adequate and consistent with best practices.
Cyber risks are generally not covered under traditional commercial property or liability policies and often require their own standalone policy. While it is recognized that every business has different needs, the minimum coverages for a cyber policy is 1st party coverage (including privacy breach notification expenses, restoration of systems etc.) and 3rd party liability. As legislation becomes more stringent and demanding of the security surrounding the private information of customers, the need for adequate 3rd party cyber liability limits is paramount. The buyer must beware of inexpensive insurance solutions offered as many of these extensions of coverage provide only counselling services in case of a breach. To compare with traditional insurance, that would be similar to having someone coaching you on how to repair drywall when really what you need is someone to come and fix the wall!
These coverages have the potential of creating a false sense of security if not understood properly. There is value in having these resources available on the line for consultation, but it is important to recognize that they won’t be the boots on the ground dealing with your breach or system failure.
Insurance advisors are now actively introducing the concept of cyber insurance to their customers. These discussions must occur and be translated to owners and managers with real-life operational examples to make the risk tangible. High profile cyber-attacks do not necessarily resonate with smaller businesses. However, when contractors recognize that they can be hacked, held ransomed for days, or be victims of social engineering fraud, they understand the devastation this would have on their businesses.
Claims Example of Social Engineering Fraud
The controller of a private distributor of component parts was responsible for making regular payments to overseas vendors from which the company purchased product for resale in the United States. After many months of working with the vendor and receiving regular shipments, the controller received an email that appeared to come from his contact, indicating that the vendor’s bank was having issues with accepting payments, and asked if the next payment could be made to a new bank. The vendor was located overseas, making verification a challenge. After some pressure was applied by the supposed vendor, the invoice was paid by wire transfer. The following month, when the real vendor realized that its best customer was late on its payment, an investigation determined that the vendor’s email was hacked and an imposter had been socially engineering the company into believing that the change in bank information was authentic. In the end, almost $250,000 was handed over to the fraudster.
Should you wish to have further information or discussion, please give any of our trusted construction advisor’s a call!
Angela McKerlich, Contract Surety Advisor
Brad Sieben, Cyber Advisor, Kelowna
Ryan Fairburn, Construction Risk Advisor, Vernon
Paula Garrecht, Construction Risk Advisor, Kelowna
Lana Hunnie, Construction Risk Advisor, Kelowna
Matt Arruda, Construction Risk Advisor, Kelowna
Morly Bishop, Construction Risk Advisor, Kamloops
Angela is a partner at Capri Insurance, where she manages the construction surety division. Angela has worked in the insurance industry for over 25 years and is a leading expert in innovative surety solutions, educating and teaching contractors, public owners, consultants, accountants, and trade students.
This article first appeared in the Fall 2017 issue of SICA's Construction Review Magazine. To read the entire magazine click here.


2021 Gold Seal Program Changes

Nomination Period Opens for SICA’s Industry Awards of Excellence

Meet SICA's 2020 New Board Members

SICA's 2020 Annual Report

COVID-19 Update

2019 Industry Awards of Excellence Winners

SICA announces 2019 Industry Awards of Excellence Finalists

Nominations sought for SICA’s Industry Awards of Excellence

The 19th Annual CCO Workshop

2018: Year in Review

The SICA Fund in Action at Peter Greer Elementary

Celebrating the Holiday Season with SICA

Winter Safety Tips

50th Parallel Estate Winery Named Commercial Building Awards Winner

8th Annual Chair Dinner & Awards Celebrates Industry Leaders

Emil Anderson Construction Wins 2018 SICA Innovation Award

Record-tying number of Commercial Building Award Finalists

REPOST: Pattullo Procurement Strategy Takes BC Construction a Bridge Too Far

Response to the Province’s Community Benefits Agreement Announcement
2018 Kamloops Trap & Skeet
2018 SICA Golf Tournament
2nd Annual Family Fishing Derby

Celebrating our Own - Terry Brown Receives CCA's Person of the Year Award
10th Anniversary of Heavy Metal Rocks in Kamloops

Celebrating Construction Month at Thompson Rivers University

Construction Industry Celebrates BC Construction Month at Okanagan College
Unsung Benefits

Message Delivered, Message Received

TAX ALERT – Government Simplifies Measures to Rein in Income Sprinkling

Member Spotlight: Ok Excavating

Construction and Cyber Risk: An Overview

The Devil is in the Details: A Cautionary Tale about Filing Builders Liens

Could Tax Issues Throw Your Business Off Track?

Top Five Reasons for Having an Employee Benefits Plan

Kelowna Police Services Building wins Commercial Building Awards

Looking to Grow and Expand | Are you thinking far enough ahead?

A Businesslike Approach to Safety – A Safety Management System

Record number of Commercial Building Awards Finalists

Obligation of Good Faith in Contracting

Embracing the Purpose Era

All in the Family | Generations in business share their secrets

Insurance: Wrap Up versus Non Wrap Up. It’s important to know the difference. Do you?

5 ways your accountant can support you in strong real estate market

Maximizing Efficiency in Dispute Resolution: Help Tell Your Story

When does an hour bank plan make sense?

Member Spotlight: Argus Properties

Building Information Modelling: A powerful tool for design efficiency

Heavy Lifting | A program for students interested in heavy equipment operation
RGB.jpg)
Member Spotlight: Secure-Right Mobile Storage Inc.
Membership Benefits
As a Member you are a part of a collective voice, the SICA voice. Together, our voice is changing the construction community and helping your business grow through advocacy, networking events, affinity programs, direct business leads and more. Our voices promotes fairness, transparency and open communication in the construction industry. Join SICA to grow your business today and be a voice for our industry tomorrow.
JOIN NOW