On 23rd February GCHQ’s National Cyber Security Centre (NCSC) issued the first of its kind cyber security guidance aimed at the UK construction industry. The full guidance can be accessed here.
Due to the particular cyber risks facing the construction sector, the NCSC has advised businesses that cyber security measures are as vital as wearing a hard hat on site.
Cyber-attacks in the construction industry are on the increase. For example, in February 2021 cybercriminals gained access to a US water treatment plant in Florida through a poorly protected software app which the plant had stopped using 6 months previously, but which had not been uninstalled from their system. The criminal gained remote access to the network and briefly altered the chemical levels in the drinking water. Additionally, in 2020, Bouygues Construction was hit by a ransomware attack which paralysed their computer system and reportedly led to personal data relating to Bouygues employees, such as addresses, banking details and drug test results being published online.
As these examples evidence, the consequences of a cyber-attack can be devastating. Even if your business does not lose money directly, a data breach or a ransomware attack could cause a temporary shutdown of your business whilst the breach is investigated and systems are recovered, as well as reputational damage with customers and partners. It could also leave you open to an investigation (and fines) from the Information…
