than $25 billion in 2030. Companies see the chance for improved safety, sustainability and service but sometimes overlook cyber and data privacy risks. • The construction industry often uses a temporary workforce. Vetting and training subcontractors and temporary employees presents a challenge, but not vetting and training them gives cybercriminals another way into your business. • Legacy systems can give cybercriminals an easy in. Operating systems that are no longer being supported have known vulnerabilities and no patches to fix them. It can be impossible to recover data encrypted by cybercriminals on a legacy operating system. • Doing business with third parties creates additional vulnerability. By its very nature, construction involves collaboration. The stakeholders and operations include architects, engineers, subcontractors and vendors, and everyone is often connected to a common network. A cybercriminal who accesses a vulnerable network can cause potential data breaches. The result is expensive in terms of money and damaged reputations, and there may also be consequences related to regulatory noncompliance. • Lack of industry regulations about cybersecurity is still an issue. Banks and financial services have been required to follow strict rules for decades. The same hasn’t been true for the construction industry, but that has changed. If a contractor wants to bid on federal works projects, they are often now required to show what they have in place to provide cyber security and protect data. Increasingly, contractors are expected to be familiar with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and to comply with Cybersecurity Maturity Model Certification. • Regulations and cybercrimes have become global. Businesses must pay attention to more than just national regulations. Companies that want to compete on a global level must also know about any applicable regulations and penalties. Even if companies choose to operate locally instead of nationally, they must still deal with persistent, increasingly sophisticated global attacks. The days when cybersecurity was only a concern for larger corporations are over. 33
RkJQdWJsaXNoZXIy MTg3NDExNQ==