Design, engineering, and construction have a multitude of project risks. Most of these are identified, well-defined, and, hopefully, allocated to the party most capable of managing the risk. However cyber intrusion and its potential impact on your business – or your project owner's business – is probably the least appreciated of all construction risks, and it has no clear path to risk allocation or management.
From smart roads to cloud computing, technology permeates almost every aspect of design and construction. Multi-user platforms let contractors, designers and owners use project data simultaneously, which compounds the risk to all parties. But coverage for claims involving data breaches in technology-driven applications – such as integrated project delivery (IPD), building information modeling (BIM), estimating, scheduling programs and virtually any electronic client interface – is largely excluded from commercial liability insurance, many forms of property insurance, as well as various forms of design and construction professional liability insurance.
Throughout the industry, common platforms are used to distribute and manage all kinds of engineering and construction data. This creates vulnerability – and a shared responsibility – for everyone involved. A hacker with access to construction data could wreak havoc not only operationally but also through the physical destruction of data, servers and infrastructure, or by threatening the safety of people onsite. Such incidents can also cause harm to an owner’s design and security systems.
Even attackers who don't intend physical harm may still be interested in obtaining valuable corporate data, such as intellectual property or data that provides a competitive edge. Furthermore, hackers who aren't interested in your company's data may still capitalize on weaknesses in your system to reach other IT networks. This could hold true for contractors who may have access to other targeted systems and, even more so for government contractors who may have such data stored or flow through their IT systems which increasingly are tied to a government's IT network.As a result, anyone in the construction industry should ask the following fundamental questions:
Websites have evolved into active business platforms with attendant risks. And many of these platforms have remotely accessible controls or internet-connected capabilities. In addition to losses caused by data breaches, other types of losses from technology-related incidents may not be covered by your existing insurance program. Traditional policies don't generally cover damages caused by data breaches.
Like other industries, the construction industry is also subject to administrative or industrial compliance regulations, as well as state and federal privacy laws, all of which involve cyber exposures.
Cyber insurance covers first and third party losses – damage to internal IT systems as well as third party liability. It will help mitigate losses from various cyber and electronic issues, such as unauthorized access, business interruption and network damage caused by a virus, malware or human error. It acts as a separate insurance tower in addition to commercial liability coverage. Cyber liability policy can cover a wide range of exposures:
Project owners are becoming increasingly concerned about the information and supply chain security of their design, engineering and construction companies. As a result, owners are beginning to add contractual requirements for cyber liability coverage in certificates of insurance before any work is performed. It's only a matter of time before most design, engineering, and construction contracts will stipulate hold harmless and indemnity provisions to protect the client from cyber-related losses caused by the contractor or design firm's negligence.
You should prepare for a cyber event before it occurs to ensure a streamlined and coordinated response, and to minimize the consequences. Best practices include:
Contact us to learn more.
Authors: Yujin Basetto, Senior Products Manager, Cyber Technology E&O, and Sasha Beamish, Senior Product Underwriter, Financial & Professional Services
Die deutsche Automobilindustrie und ihre Zulieferer sind gefordert. Zunehmend komplexere und internationale Lieferketten, fehlende Ausweichmöglichkeiten und die Konzentration von Fertigungsschritten haben die Ausfallanfälligkeit erhöht. In diesem Webinar liefern wir tiefere Einblicke in die Erkennung und Bewertung von Risiken im modernen Supply Chain Management. Dabei zeigen wir in Zusammenarbeit mit der ZF Gruppe auf, wie sich Automobilzulieferer und -hersteller fit für die neuen Herausforderungen machen. Das Webinar findet am Freitag, 5. Juli 2019 um 10.30 Uhr statt.Learn more
Les ETI (entreprises de taille intermédiaire) se transforment, innovent, s'internationalisent à une vitesse et avec un dynamisme sans précédent. La transformation et la résilience sont deux enjeux majeurs pour les ETI. Comprendre l'ADN et la singularité des ETI est indispensable pour que les professionnels des risques et des assurances puissent jouer leur rôle de conseil et d'accompagnement auprès des ETI. Rejoignez le webinaire: Jeudi 27 Juin 2019, 9 h 30 (Paris).Learn more
Mobility in Europe will suffer from a higher risk exposure given the increasing occurrences of natural catastrophes. Very much fuelled by climate change, smaller but costly catastrophes are on the rise and, hence, companies need to get better prepared when it comes to transporting goods. What can we expect in terms of natural hazards in Europe in the coming year and what does it mean for business mobility and supply chain? How can insurance help mitigate such risks? Join our webinar on Tue, 28 May 2019, 10:00 CET to find answers to these and more questions.Learn more
Swiss Re Institute and Corporate Solutions China will join forces on 14 May to discuss cutting edge research and insights on implications of insurance innovation for our clients as well as risks and opportunities in the face of the Belt and Road Initiative.Learn more