Construction and Cyber Risk: An Overview

Contributed by Angela McKerlich, Capri Insurance

Tender closings, electronic plan rooms, storage of documents and drawings, equipment buy and sell, and Linkedin. These are only a few examples of how advances in technology have increased efficiency, productivity, and precision in the construction industry — and to virtually every business and industry. It has also added another element of complexity for owners and executives to manage.

Behind this online world for each business lives the IT machines that make it go. Hardware, software, servers, back-ups (physical and cloud-based) are deployed by in-house or third party IT specialists with an almost blind faith from management, in hopes that the anti-virus, spam filters, patches, and other proactive measures are effective in preventing a breach. This is the new reality of the cyber world in construction. This type of risk is hidden and is not as tangible as other risks. Most businesses recognize the overt nature of risks such as a fire or a slip and fall and select insurance to ensure their business would be able to withstand a loss caused by such perils. Cyber insurance coverage is not yet dealt with in this same regard, but the devastation it can wreak on a business has the potential to be just as catastrophic.

A hazard such as a fire has protocols and procedures that are designed to mitigate risks – inspections, suppression systems, and risk management practices. Cyber protection of a business should also employ a rigorous process to develop both a risk prevention and incident response plan. Most cyber insurance applications serve as a catalyst in moving towards this process. The questions posed in these applications — including how data is backed up, how fast operations can be reestablished in the case of an attack, and who the best cyber-restoration partners are — quickly determine whether your protocols for preventing a cyber-attack are adequate and consistent with best practices. 

Cyber risks are generally not covered under traditional commercial property or liability policies and often require their own standalone policy. While it is recognized that every business has different needs, the minimum coverages for a cyber policy is 1st party coverage (including privacy breach notification expenses, restoration of systems etc.) and 3rd party liability. As legislation becomes more stringent and demanding of the security surrounding the private information of customers, the need for adequate 3rd party cyber liability limits is paramount. The buyer must beware of inexpensive insurance solutions offered as many of these extensions of coverage provide only counselling services in case of a breach. To compare with traditional insurance, that would be similar to having someone coaching you on how to repair drywall when really what you need is someone to come and fix the wall!  

These coverages have the potential of creating a false sense of security if not understood properly. There is value in having these resources available on the line for consultation, but it is important to recognize that they won’t be the boots on the ground dealing with your breach or system failure.

Insurance advisors are now actively introducing the concept of cyber insurance to their customers. These discussions must occur and be translated to owners and managers with real-life operational examples to make the risk tangible. High profile cyber-attacks do not necessarily resonate with smaller businesses.  However, when contractors recognize that they can be hacked, held ransomed for days, or be victims of social engineering fraud, they understand the devastation this would have on their businesses. 

Claims Example of Social Engineering Fraud

The controller of a private distributor of component parts was responsible for making regular payments to overseas vendors from which the company purchased product for resale in the United States. After many months of working with the vendor and receiving regular shipments, the controller received an email that appeared to come from his contact, indicating that the vendor’s bank was having issues with accepting payments, and asked if the next payment could be made to a new bank. The vendor was located overseas, making verification a challenge. After some pressure was applied by the supposed vendor, the invoice was paid by wire transfer. The following month, when the real vendor realized that its best customer was late on its payment, an investigation determined that the vendor’s email was hacked and an imposter had been socially engineering the company into believing that the change in bank information was authentic. In the end, almost $250,000 was handed over to the fraudster.

Should you wish to have further information or discussion, please give any of our trusted construction advisor’s a call!

Angela McKerlich, Contract Surety Advisor
Brad Sieben, Cyber Advisor, Kelowna
Ryan Fairburn, Construction Risk Advisor, Vernon
Paula Garrecht, Construction Risk Advisor, Kelowna
Lana Hunnie, Construction Risk Advisor, Kelowna
Matt Arruda, Construction Risk Advisor, Kelowna
Morly Bishop, Construction Risk Advisor, Kamloops

Angela is a partner at Capri Insurance, where she manages the construction surety division. Angela has worked in the insurance industry for over 25 years and is a leading expert in innovative surety solutions, educating and teaching contractors, public owners, consultants, accountants, and trade students.  

This article first appeared in the Fall 2017 issue of SICA's Construction Review Magazine. To read the entire magazine click here.

March 22, 2021

2021 Gold Seal Program Changes

The Gold Seal Certification program certifies estimators, foremen, owner’s construction managers, project managers, safety practitioners and superintendents working in, or with, Canada’s non-residential construction industry.
Read More
March 16, 2020

COVID-19 Update

​Like you, SICA has been closely monitoring the ongoing global spread of the Novel Coronavirus (COVID-19).
Read More
October 04, 2019

2019 Industry Awards of Excellence Winners

SICA would like to congratulate all the finalists and the winners of SICA's inaugural Industry Awards of Excellence! Finalists and winners were honored yesterday, October 3rd, at the Award Presentation Dinner held at the Coast Capri Hotel in Kelowna, BC.
Read More
December 12, 2018

Winter Safety Tips

Working during winter feels more like survival of the fittest than an everyday challenge. The risks are much greater for employees who have to work and drive outdoors.
Read More
September 13, 2018

8th Annual Chair Dinner & Awards Celebrates Industry Leaders

SICA held our annual Chair Dinner and Award Night where we celebrate member anniversaries, board volunteers, Gold Seal recipients, and scholarship recipients. In addition, this year we had the honor of awarding both a Consultant Award and the Innovation Award.
Read More
June 28, 2018

2018 Kamloops Trap & Skeet

Every year the Kamloops Trap & Skeet is one of the most anticipated events we host! With over 100 attendees, BBQ steaks, and some tough competition it is safe to say that a blast was had by all.
Read More
June 27, 2018

2018 SICA Golf Tournament

On June 21st, 2018 144 golfers converged on Sunset Ranch Golf Course for the annual SICA Golf Tournament. Despite lightening in the valley causing a brief course closure and pouring down rain in the afternoon the event was a huge success!
Read More
May 30, 2018

2nd Annual Family Fishing Derby

The beautiful Roche Lake Resort was again the site for our now 2nd annual Family Fishing Derby. This event, hosted through a joint partnership between the Southern Interior Construction Association and CapriCMW Insurance, is quickly becoming a must attend for all SICA members.
Read More
April 30, 2018

Celebrating our Own - Terry Brown Receives CCA's Person of the Year Award

The CCA Person of the Year Award recognizes individuals who demonstrate the qualities of a leader and who apply the highest standards and principles of the construction industry and business community. To those who have had the opportunity of working alongside Terry Brown, he is the living embodiment of this description.
Read More
April 24, 2018

10th Anniversary of Heavy Metal Rocks in Kamloops

2018 marked the 10th year of the Heavy Metal Rocks event in Kamloops. This project provides opportunities for Grade 11 and 12 students from the School District No. 73 to explore career opportunities in the heavy equipment operator field.
Read More
April 19, 2018

Construction Industry Celebrates BC Construction Month at Okanagan College

The Kelowna building community was proud to celebrate BC’s Construction & Skilled Trades Month with a breakfast held at Okanagan College on Thursday. In the newly built Trades Building contractors, apprentices, foundation program students and industry support organizations gathered to recognize the impact the construction industry has on the BC and specifically the Okanagan economy.
Read More
BCCA Employee Benefits logo.JPG
February 07, 2018

Unsung Benefits

The BCCA Employee Benefits’ plans offer other services beyond dental and extended health care.
Read More
January 24, 2018

Message Delivered, Message Received

Successful buildings have always been the result of collaboration between the client, designers, and contractors. A strong team, clear expectations, and concise information will typically result in a project which all involved parties will consider successful. Through recent decades the delivery of projects has changed with increased complexity, decreased timeframes, and changing delivery methods. Now more than ever it is critical that the collaboration between the team occurs to ensure the desired outcome.
Read More
December 20, 2017

TAX ALERT – Government Simplifies Measures to Rein in Income Sprinkling

On December 13, the federal government released legislation to simplify restrictions on income sprinkling, proposed to go into effect January 1, 2018. These revisions indicate they’ve listened to feedback during the consultation period, by providing more certainty to taxpayers through the introduction of “bright-line” tests to automatically exclude some family members, and allow income sprinkling for those members who make sufficient contributions to the business.
Read More
8F - 2006 Mack Dump Truck.jpg
December 13, 2017

Member Spotlight: Ok Excavating

Adaptability, initiative, and customer service are the keys to longevity for a local commercial and residential excavation business in Kelowna. OK Excavating is celebrating 50 years of business in 2017 and, in those years, has undergone many evolutions.
Read More
November 29, 2017

Construction and Cyber Risk: An Overview

A hazard such as a fire has protocols and procedures that are designed to mitigate risks – inspections, suppression systems, and risk management practices. Cyber protection of a business should also employ a rigorous process to develop both a risk prevention and incident response plan. Most cyber insurance applications serve as a catalyst in moving towards this process.
Read More
November 15, 2017

Could Tax Issues Throw Your Business Off Track?

To stay on track, real estate and construction companies should develop a better understanding of where tax issues are likely to complicate or disrupt their business — and develop a plan to mitigate those risks well in advance.
Read More
November 08, 2017

Top Five Reasons for Having an Employee Benefits Plan

One of the biggest investments employers can make is in their employees. And it makes sense to want productive, healthy, and engaged employees. Employees with poor health cannot exert the effort required to be highly productive, and you need engaged employees in order to create innovative solutions.
Read More
August 30, 2017

Obligation of Good Faith in Contracting

The Supreme Court of Canada changed the legal landscape for contracts in the decision of Bhasin v. Hrynew, [2014] SCC 71. This decision created a new common law obligation of good faith that applies to all commercial contracts.
Read More
August 23, 2017

Embracing the Purpose Era

Regardless of the size of your business or the sector you operate in, the purpose movement is shaking up the rules of business and ringing in a new era where business is an active participant in making the world a better place.
Read More