Over 2022, several high-profile Australian businesses suffered significant cyber-attacks and were held to ransom, with sensitive personal information stolen, systems compromised, and reputations impacted.

While builders do not typically retain client information sensitive enough to make them extortion targets, other forms of cyber-attack continue to increase, and your business could still be impacted.

Within the construction industry, the most common technology-related risk continues to be fund transfer fraud, most often in the form of theft by online fraud/deception and payment interception.  Cybercriminals often access systems and lurk in the background for extended periods, capturing weeks or months’ worth of information prior to the cyber-attack being identified. 

Wire transfer fraud within the construction industry most frequently takes one of three forms.

  1. Losses where accounts staff receive fraudulent emails which appear to be from one of the directors, requesting an urgent payment be made, often to an overseas account.  These emails have become increasingly realistic, with thieves often using similar language, email formats, and even staff nicknames.
  2. Losses where builders have had their systems compromised, with incoming emails intercepted and altered, resulting in supplier invoices being modified to direct payments to cyber criminals.
  3. Losses where subcontractors have been hacked, with their outgoing emails intercepted and altered, so that genuine invoices are sent with updated banking details and payments are made to cyber criminals rather than subcontractors.

Establishing strong business payment protocols, where all staff know to always verbally confirm any new or altered banking details, can help you avoid many of these losses.  Additionally, educating your suppliers and your customers about your own banking details, and how they will never change unless verbally advised, can help you avoid being involved in a preventable loss.  Education of your staff and external stakeholders, along with other risk mitigation strategies like multi-factor authentication, keeping all software and apps updated, and frequent data backups, can form a crucial part of your business risk management strategies.

From an insurance perspective, there is no straightforward solution, as cyber insurance coverage varies considerably between insurers.  Some cyber insurance policies do not respond at all to wire fraud, and others provide cover for most types of losses.  Coverage limits and pricing will also vary from one insurer to the next, so it’s important that you understand how your policy protects your business, and that you are clear on any uninsured exposures.

Outside of wire transfer fraud, cyber insurance provides cover across several different sections:

Privacy Breach – provides protection against third-party claims for loss of

  • Personal, corporate, or employee information

Coverage typically includes defence costs

System Damage – cover for lost, damaged or destroyed

  • IT systems
  • IT records/data

Coverage includes retrieving, repairing, restoring, or replacing data, systems, or hardware – as well as external IT forensic or security consultants’ costs

Business Interruption – cover for loss of profits due to a cyber event

Computer Virus & Hacking – cover includes

  • Loss or theft of your data, or data for which you are responsible – i.e. customer data, or plans
  • Attacks by employees and third parties are both typically covered
  • Loss caused by phishing emails or denial-of-service attacks

Extortion

  • Payment of ransom
  • Costs of negotiating and mediating due to an extortion attempt

With cyber-attacks continuing to evolve, many businesses would struggle to understand how to immediately respond to a cyber-attack.  Most cyber insurers offer a 24/7 urgent response unit to provide you with instant support for cyber incidents and data breaches.

Cyber-attacks continue to increase in both frequency and complexity.  The team at Master Builders Insurance Brokers can provide you with risk mitigation strategies, and quotations for cyber insurance to protect you from wire transfer fraud, and other technology-related risks.