Design, engineering, and construction have a multitude of project risks. Most of these are identified, well-defined, and, hopefully, allocated to the party most capable of managing the risk. However cyber intrusion and its potential impact on your business – or your project owner's business – is probably the least appreciated of all construction risks, and it has no clear path to risk allocation or management.
From smart roads to cloud computing, technology permeates almost every aspect of design and construction. Multi-user platforms let contractors, designers and owners use project data simultaneously, which compounds the risk to all parties. But coverage for claims involving data breaches in technology-driven applications – such as integrated project delivery (IPD), building information modeling (BIM), estimating, scheduling programs and virtually any electronic client interface – is largely excluded from commercial liability insurance, many forms of property insurance, as well as various forms of design and construction professional liability insurance.
Throughout the industry, common platforms are used to distribute and manage all kinds of engineering and construction data. This creates vulnerability – and a shared responsibility – for everyone involved. A hacker with access to construction data could wreak havoc not only operationally but also through the physical destruction of data, servers and infrastructure, or by threatening the safety of people onsite. Such incidents can also cause harm to an owner’s design and security systems.
Even attackers who don't intend physical harm may still be interested in obtaining valuable corporate data, such as intellectual property or data that provides a competitive edge. Furthermore, hackers who aren't interested in your company's data may still capitalize on weaknesses in your system to reach other IT networks. This could hold true for contractors who may have access to other targeted systems and, even more so for government contractors who may have such data stored or flow through their IT systems which increasingly are tied to a government's IT network.As a result, anyone in the construction industry should ask the following fundamental questions:
Websites have evolved into active business platforms with attendant risks. And many of these platforms have remotely accessible controls or internet-connected capabilities. In addition to losses caused by data breaches, other types of losses from technology-related incidents may not be covered by your existing insurance program. Traditional policies don't generally cover damages caused by data breaches.
Like other industries, the construction industry is also subject to administrative or industrial compliance regulations, as well as state and federal privacy laws, all of which involve cyber exposures.
Cyber insurance covers first and third party losses – damage to internal IT systems as well as third party liability. It will help mitigate losses from various cyber and electronic issues, such as unauthorized access, business interruption and network damage caused by a virus, malware or human error. It acts as a separate insurance tower in addition to commercial liability coverage. Cyber liability policy can cover a wide range of exposures:
Project owners are becoming increasingly concerned about the information and supply chain security of their design, engineering and construction companies. As a result, owners are beginning to add contractual requirements for cyber liability coverage in certificates of insurance before any work is performed. It's only a matter of time before most design, engineering, and construction contracts will stipulate hold harmless and indemnity provisions to protect the client from cyber-related losses caused by the contractor or design firm's negligence.
You should prepare for a cyber event before it occurs to ensure a streamlined and coordinated response, and to minimize the consequences. Best practices include:
Contact us to learn more.
Authors: Yujin Basetto, Senior Products Manager, Cyber Technology E&O, and Sasha Beamish, Senior Product Underwriter, Financial & Professional Services
Expenses to US healthcare organizations and providers can become exorbitant due to the cost of medical malpractice. Arbitration agreements, which are incorporated into the admission process in many healthcare organizations, can reduce this burden by decreasing the number of jury trials and legal defense costs, promoting timely resolutions, eliminating the concern of unpredictable jury verdicts and damage awards, and maintaining disputants’ privacy. If a dispute proceeds to litigation it is beneficial to have a case heard in a reasonable venue, and a choice of forum agreement is valuable to incorporate in the admissions process.Learn more
The construction industry in Europe is facing fierce competition. Cost competition and international trade pressures are leading to short-term and low-margin planning. This comes at a time when urban design is becoming more complex and needs to evolve to be more adept at managing new forms of mobility, lifestyle, leisure and growing urban populations. Can business leaders balance cost pressures with the needs of sustainable planning? How can complex construction projects be sufficiently funded and how can their construction risks be effectively managed?Learn more
Manufacturers are increasingly using deep learning and artificial intelligence to oversee routine maintenance and prevent faults in their machinery. What can we learn from these industrial applications and how will they evolve over the next few years? In what ways will these technologies help asset and risk managers make better decisions as risks in maintenance systems evolve? Join the webinar for the answer to these questions and more.Learn more
Each year, approximately 4 million patients miss out on healthcare due to lack of available transportation. Based upon no-show rates for appointments and the volume of visits per year, the cost to the US healthcare system could be as much as $150 billion. During a one-year period pilot of utilization of Lyft for non-emergency patient transport there was a 27% reduction in no-show rates and 297% return on investment. Facilities such as MedStar Health and SCL Health have partnered with ridesharing companies to reduce ambulatory “no-shows" and deliver complimentary, convenient and reliable non-emergency transportation services for patients facing transportation barriers. The panel will discuss emerging trends with healthcare organizations' partnering with transportation network companies such as Uber and Lyft, the benefits and exposures these companies create for healthcare providers and how the industry can mitigate those risks as utilization increases.Learn more