Dive Brief:
- Fewer companies are taking steps this year as compared to last year to mitigate cybersecurity threats, despite the fact that COVID-19 has exacerbated concerns about online safety, the 2020 Travelers Risk Index found.
- In a survey of more than 1,200 business leaders, less than half (48%) have utilized hacker intrusion detection software, undergone a cyber-risk assessment of their firms (47%) or vendors (37%) or written a business continuity plan that could help in a cyberattack (42%).
- This should raise warning flags for contractors and other businesses as 22% of respondents said their companies had been a victim of a hacker, the highest percentage since the survey’s inception in 2014.
Dive Insight:
Hackers are increasingly going after construction companies, which are often underprepared for an attack. Contractors work closely and share vital information with subcontractors and owners, so ensuring all parties’ data and information are safe and protected builds an extra challenge. The disconnect between the field and the office can create lapses that hackers can exploit, and there are more chances employees can make mistakes.
Cybersecurity experts told Constructive that hackers will “spoof” their way into a construction firm’s system, pose as subcontractors and message company accountants, claiming to have a new routing number. Other times, a hacker will pretend to be an executive and email an employee asking for vital information at a 4 p.m. on a Friday, in hopes the spoof will go unnoticed.
Fake emails used for phishing are increasingly legitimate-looking, experts say and spelling errors can be a quick indicator, but sometimes they’re not so easy to catch.
Since the 2019 Travelers survey, the number of companies with at least 40% of employees working remotely has doubled due to the coronavirus, and only 55% of companies surveyed said they have purchased cybersecurity insurance.
The lack of prep creates a disconnect: After economic uncertainty, cyber risk is the second-highest concern among businesses, Travelers found. Namely, companies worry “some or a great deal” about:
- Suffering a security breach (52%).
- Unauthorized access to financial systems (50%).
- Employees putting company information at risk (48%).
- Becoming a cyber extortion/ransomware victim (47%).
- Theft of the company’s customer or client records (47%).
- Suffering a cyber event due to employees working remotely (47%).