A recent survey conducted jointly by Dodge Construction Network and Egnyte has unveiled a concerning reality within the Architecture, Engineering, and Construction (AEC) industry. Contractors are facing an alarming surge in cybersecurity threats, with 59% of these entities falling victim to cyberattacks in the past two years. The most severely impacted are general contractors, with a striking 70% reporting encounters with cybersecurity threats. These figures accentuate a vulnerability that demands urgent attention and protective measures.
Challenges Faced by AEC Firms
While 72% of professionals believed they were adequately prepared, a significant 77% admitted their inability to sustain operations for more than five days without access to essential documentation. Such disruptions wreak havoc on project timelines, emphasizing the profound impact of cyberattacks on the industry’s operational efficiency and financial stability.
Unveiling the Cybercriminals’ Tactics
Often, construction companies serve as unsuspecting conduits, offering hackers a gateway to more lucrative targets—the clients of builders. Cybersecurity expert Stel Valavanis, CEO of onShore Security, emphasized this in a recent article, explaining that construction firms, while not perceiving themselves as prime targets, serve as weak links in the defense systems shielding high-value targets. This reality places them squarely in the crosshairs of cybercriminals, who exploit this vulnerability to launch attacks with far-reaching consequences.
Regulatory Measures and Mitigation Strategies
In response to the escalating cyber threats, regulatory bodies like the Securities and Exchange Commission have introduced stringent public disclosure rules for cyberattacks. Public companies are now mandated to report material cybersecurity events, outlining breach details on the SEC’s Form 8-K. Many firms have opted to enhance internal security procedures, emphasizing practices such as regularly updating unique passwords and utilizing cutting-edge security software. Additionally, some have implemented rules governing data exchange, incorporating information backup systems and secure services while maintaining built-in security measures. However, a notable gap exists concerning the adoption and enforcement of security compliance certificates.
Silver Lining amidst the Challenges
Despite the grim scenario painted by the survey, there is a glimmer of hope. The report highlights that firms proactively pursuing security compliance certificates and strengthening their internal security protocols have experienced significant positive outcomes. These measures, when diligently implemented, prove highly effective, offering a promising path forward for the industry.
While the AEC industry finds itself at a dangerous juncture in the face of widespread cyber threats, these findings serve as a blaring call for immediate action. By prioritizing cybersecurity, adopting best practices, and embracing regulatory guidelines, AEC firms can fortify their defenses, ensuring a more secure digital landscape for both themselves and their clients.
Want to Learn More?
Reach out to a trusted advisor today to learn more about how a partnership with RCM&D can benefit your business.