Building Safeguards: A Deeper Look at Cybersecurity in the Construction Industry

The construction industry plays a vital role in shaping economic progress and growth. As with many sectors, the adoption of new technologies can dramatically improve efficiency and productivity. And while embracing innovation is key, it’s also important to understand the potential risks that come with these advancements. The construction industry is one of the sectors most heavily targeted by cyber threat actors, who exploit organizations in several ways.
Cyber Threat Landscape
Emergence of Artificial Intelligence
Artificial Intelligence (AI) is being applied in many facets of the construction industry to enhance productivity and efficiency through automation. However, as these applications are more widely adopted, threat actors see an opportunity to manipulate existing AI applications within businesses, or to carry out attacks with greater speed, fewer errors and greater precision.
In construction, this can leave organizations vulnerable since there isn’t always someone monitoring the activities of these applications. Working with a security operations team that monitors network activity 24/7 can reduce the impact of these threats.
Impacts of Cyber Attacks
Operational Disruption
For construction firms, project timelines are everything. From meeting contractual obligations to lowering time on site to reduce safety risks, there are many benefits to being on time and completing projects in an orderly fashion. A cyberattack can derail progress by halting operations.
Data Loss and Intellectual Property Theft
Due to the communication needed on projects between owners, designers, general contractors and other parties, data-sharing is near-constant. Business email compromise has become a prevalent area of vulnerability because threat actors can manipulate user accounts and divert legitimate emails mid-conversation, at a time when project participants are aiming to work quickly. Business email compromise and ransomware can also cause misdirected wire transfers, leading to the interception of data, contracts and intellectual property, and result in operational downtime and financial and reputational consequences.
In many cases, organizations are required to disclose data breaches after they’ve occurred, which can result in loss of client trust and diminish or destroy brand image and, ultimately, stifle the reputation of your business.
The Data
In September of 2025, a resurgence in ransomware activity resulted in 562 public attacks reported, with construction and engineering as the most impacted sector, making up 11.4% of victims. [1]
In April of 2024, a general contracting company endured a ransomware attack that impacted the personal data of over 1,000 employees. In this instance, they engaged an incident response firm to help them recover. Because their backups were well established, they were able to recover all their data without paying the threat actor. Unfortunately, the data was already accessed, which required a bit of cleanup individually from the employees impacted. [2]
93% of attacks in 2024 started via a phishing campaign. [3]
The importance of security awareness training can’t be overstated.
The Cost of a Breach
One of the main roadblocks for organizations considering investment in cybersecurity is determining where to start and what interventions will be most effective.
According to the 2025 Cost of a Data Breach Report by IBM, the following factors caused some of the largest shifts in breach cost, both positive and negative, when they were in place at the time of a breach:
- $212,061 Security Analytics or SIEM (Security Information and Event Management): A SIEM system correlates all the data in your digital environment into one place. The ability to always see what’s happening in your environment is crucial for reducing the impact of a breach.
- $193,242 Proactive Threat Hunting: Searching for anomalies in your environment before they become a breach or damage occurs is a clear way to continually work toward reducing breach costs.
- $168,361 Endpoint Detection and Response Tools: Implementing response agents on all devices is a major step in deterring malware from gaining a foothold in your environment.
- $128,087 Managed Security Service Provider (MSSP): An MSSP provides the human element of managed security to respond to threats. Utilizing different technological toolsets, an MSSP’s analysts or engineers provide the eyes watching for threats, help communicate complex threats and can help remediate active threats.
- $131,212 Remote Workforce: During the COVID-19 era, many employers allowed employees to work remotely, which can open gaps for threat actors to exploit. In construction, working and connecting to networks remotely is imperative for operations, so ensuring you’ve properly set up these connections and protected them is a must.
- $175,010 IoT and OT Environment Impacted: There can be hundreds of sensors, cameras, devices and types of machinery on a construction site, so this impact may be even higher in this sector than others.
- $200,321 Shadow AI: Shadow AI is the use of AI tools that are unapproved, ungoverned or misused. There are many different AI agents that are easily accessible and free, which could allow for sensitive information to be shared, documents to be scanned or inaccurate information to be displayed. Because of this, threat actors can potentially exploit the tools if they’re utilized outside approved parameters.
- $227,244 Supply Chain Breach: In this sector, supply chains are an integral portion of the operation. When an attack spreads beyond the organization it originated in, it can cause severely negative downstream effects that impact the efficiency of a project, the materials needed or the end customers.
What Can You Do?
Building a cyber resilient construction firm takes time, planning and buy-in from everyone in your organization. Culturally, setting the tone for a cyber-aware employee base is an imperative to combat cyber risk. You are only as strong as your weakest link. Fortunately, there are many different ways to defend your organization against persistent threats.
At SpearTip, a company of Zurich, we take our continuous learning from analyzing threats 24/7 and apply it to the protection we give our clients. Whether it’s assessing your current posture and preparing for a breach, continuously monitoring your endpoints or user behaviors for malicious activity with our 24/7 security operations center or getting help during or after a breach with the deployment of our incident response team, we are here to ensure your organization remains resilient against evolving cyber threats.
Sources:


