Despite being aware of cyber risk, and even frightened by it, a shocking number of companies in the construction industry have neither a cyber insurance policy nor a basic cyber security plan to deal with a hack or breach into their computer systems. Once breached, companies with no plan in place become, essentially, a rudderless ship subject to the whims of criminal tides.
A proper cyber plan lays out at least the following:
- the criteria for when a plan would be triggered (i.e., in the event of a breach or a hack);
- which persons inside the company (in-house counsel, IT personnel, executive, project managers) and which persons outside the company (attorney with knowledge of cyber issues and ideally construction law as well; forensic computer experts, crisis management experts; and an insurance broker familiar with cyber policies) should be involved;
- the chain of command and communication in this type of situation and the distinct roles each of the above players will fulfill (Note: this is not the same as the normal corporate chain of command); and
- the various available options to address the breach situation, which will all depend upon the facts at issue—such as the type and extent of the breach and how much of what particular kind of information was lost, stolen or exfiltrated.
Reprinted courtesy of Richard Volack, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Mr. Volack may be contacted at firstname.lastname@example.org