Design, engineering, and construction have a multitude of project risks. Most of these are identified, well-defined, and, hopefully, allocated to the party most capable of managing the risk. However cyber intrusion and its potential impact on your business – or your project owner's business – is probably the least appreciated of all construction risks, and it has no clear path to risk allocation or management.
From smart roads to cloud computing, technology permeates almost every aspect of design and construction. Multi-user platforms let contractors, designers and owners use project data simultaneously, which compounds the risk to all parties. But coverage for claims involving data breaches in technology-driven applications – such as integrated project delivery (IPD), building information modeling (BIM), estimating, scheduling programs and virtually any electronic client interface – is largely excluded from commercial liability insurance, many forms of property insurance, as well as various forms of design and construction professional liability insurance.
Throughout the industry, common platforms are used to distribute and manage all kinds of engineering and construction data. This creates vulnerability – and a shared responsibility – for everyone involved. A hacker with access to construction data could wreak havoc not only operationally but also through the physical destruction of data, servers and infrastructure, or by threatening the safety of people onsite. Such incidents can also cause harm to an owner’s design and security systems.
Even attackers who don't intend physical harm may still be interested in obtaining valuable corporate data, such as intellectual property or data that provides a competitive edge. Furthermore, hackers who aren't interested in your company's data may still capitalize on weaknesses in your system to reach other IT networks. This could hold true for contractors who may have access to other targeted systems and, even more so for government contractors who may have such data stored or flow through their IT systems which increasingly are tied to a government's IT network.As a result, anyone in the construction industry should ask the following fundamental questions:
Websites have evolved into active business platforms with attendant risks. And many of these platforms have remotely accessible controls or internet-connected capabilities. In addition to losses caused by data breaches, other types of losses from technology-related incidents may not be covered by your existing insurance program. Traditional policies don't generally cover damages caused by data breaches.
Like other industries, the construction industry is also subject to administrative or industrial compliance regulations, as well as state and federal privacy laws, all of which involve cyber exposures.
Cyber insurance covers first and third party losses – damage to internal IT systems as well as third party liability. It will help mitigate losses from various cyber and electronic issues, such as unauthorized access, business interruption and network damage caused by a virus, malware or human error. It acts as a separate insurance tower in addition to commercial liability coverage. Cyber liability policy can cover a wide range of exposures:
Project owners are becoming increasingly concerned about the information and supply chain security of their design, engineering and construction companies. As a result, owners are beginning to add contractual requirements for cyber liability coverage in certificates of insurance before any work is performed. It's only a matter of time before most design, engineering, and construction contracts will stipulate hold harmless and indemnity provisions to protect the client from cyber-related losses caused by the contractor or design firm's negligence.
You should prepare for a cyber event before it occurs to ensure a streamlined and coordinated response, and to minimize the consequences. Best practices include:
Contact us to learn more.
Authors: Yujin Basetto, Senior Products Manager, Cyber Technology E&O, and Sasha Beamish, Senior Product Underwriter, Financial & Professional Services
Mobility in Europe will suffer from a higher risk exposure given the increasing occurrences of natural catastrophes. Very much fuelled by climate change, smaller but costly catastrophes are on the rise and, hence, companies need to get better prepared when it comes to transporting goods. What can we expect in terms of natural hazards in Europe in the coming year and what does it mean for business mobility and supply chain? How can insurance help mitigate such risks? Join our webinar on Tue, 28 May 2019, 10:00 CET to find answers to these and more questions.Learn more
Swiss Re Institute and Corporate Solutions China will join forces on 14 May to discuss cutting edge research and insights on implications of insurance innovation for our clients as well as risks and opportunities in the face of the Belt and Road Initiative.Learn more
In 2018 Australian industries were ravished by a range of perils; cyclones, droughts, floods, hailstorms and wildfires, which caused widespread damage and disruption to supply chains. During the webinar we will focus on the increasing number of natural disasters and extreme weather events in Australia and what risk managers are doing to prepare for, and protect, their assets and balance sheets.Learn more
Expenses to US healthcare organizations and providers can become exorbitant due to the cost of medical malpractice. Arbitration agreements, which are incorporated into the admission process in many healthcare organizations, can reduce this burden by decreasing the number of jury trials and legal defense costs, promoting timely resolutions, eliminating the concern of unpredictable jury verdicts and damage awards, and maintaining disputants’ privacy. If a dispute proceeds to litigation it is beneficial to have a case heard in a reasonable venue, and a choice of forum agreement is valuable to incorporate in the admissions process.Learn more