Construction and Cyber Insurance

April 6, 2016

Let’s put any telematics data security issues you may be concerned about aside for a moment and focus on cyber security for your core construction business.

Know that you and your technology are not immune from a security breach simply because you don't take a project owner's Visa card.

Many companies in other industries already have something called cyber insurance and the rest are seriously considering it, according to the Risk Insurance Management Society’s Cyber Survey of 2015, cited by Collin J. Hite, leader of the Insurance Recovery Group and the Data Privacy and Security practice at Hirschler Fleischer, a law firm in Richmond, Va.

In a great op-ed piece written for, Hite says, “The situation is getting so bad that businesses, large and small, finally are realizing that the question is not if they will get breached, but when. The construction industry is not immune from data breaches.”

And your technology is at risk from sources you may not realize.

“Those in the construction industry need to remember, the issue is a privacy breach, not just a cyber breach,” Hite says. “That means that paper is still a source for an old-fashioned privacy breach. Many industry sectors, including construction, still mistakenly believe that, if they do not deal with the general public as customers or possess a lot of credit card information, they are not at risk. Not true.”

Hite uses the example of big box retailer Target. It experienced a $100-million breach because hackers got in through an HVAC vendor’s network that was tied into the retailer’s computer system. Who would have thought?

He recommends considering data privacy insurance since the big-time costs of responding to a data privacy breach usually can’t be handled internally. “The premiums and policy limits are relative to a company’s risk, so that ratio allows a business of any size to consider such coverage,” Hite says.

The mere process of working with insurance underwriters on this coverage can uncover valuable information about the condition of your network security and breach response plan—or lack thereof. “Information learned in this process can be useful for companies to find the gaps and upgrade their security, protocols and insurance coverage,” Hite says.

In addition to advocating a strong response plan for breaches, he outlines some of the elements of cyber insurance available to protect your property and your network:

  • Computer data restoration
  • Re-securing a company’s information network
  • Theft and fraud coverage
  • Business interruption
  • Forensic investigations
  • Crisis and PR management (the media loves to see companies "get theirs")
  • Extortion.

There’s also liability coverage, which includes not only defense of litigation from customers due to a breach, but also:

  • PCI-DSS liability
  • Credit monitoring for customers
  • Cost associated with notifying customers
  • Media and privacy liability
  • Responses to regulatory investigations.

Read even more detail here. If you haven’t considered a cyber policy, you may want to do so. No one wants to end up a Target.

About the Author

Frank Raczon

Raczon’s writing career spans nearly 25 years, including magazine publishing and public relations work with some of the industry’s major equipment manufacturers. He has won numerous awards in his career, including nods from the Construction Writers Association, the Association of Equipment Manufacturers, and BtoB magazine. He is responsible for the magazine's Buying Files.