Construction and Cyber Threats: Risks From Reliance on Technology for Planning, Design, and Operation

Cyber Insurance and Surety Bonds, Damages From Down Time, Breach of IP and Bid Data, Workforce Injuries, and Property Claims

A live 90-minute CLE video webinar with interactive Q&A

Wednesday, November 17, 2021

1:00pm-2:30pm EST, 10:00am-11:30am PST

or call 1-800-926-7926

This CLE course will advise construction counsel about the growing risks of cyberattacks in the construction industry, spotlighting the recent ransomware attacks on Bird Construction and other construction companies. The panel will discuss how to recognize, address, and attempt to ward off cyber threats from ransomware and beyond. The panel will also guide counsel on the proper insurance coverage related to cyber risks, ways to identify strategies for protecting against those risks in construction contracts, and offer best practices for handling cyber claims.


Cybersecurity attacks are continuously making headlines these days, and the construction industry is certainly not immune. For some construction companies, recent ransomware attacks lead to the loss of confidential company and client data or a systems shutdown, resulting in a loss of work and productivity for the company and a resulting delay to the projects at issue. Cyberattacks can take many forms, and as they adopt more technological solutions and workflows, construction companies need to prepare to defend themselves from such risks.

Considering the prevalence of the attacks and the seriousness of their consequences, construction counsel should look at addressing clients' policies and procedures to mitigate risks from potential exposure. Such policy changes should especially focus on security in the company’s use of technology and automation in planning, designing, constructing, and operating a project. Security failures and gaps in such processes often leave construction companies open to attacks.

Other mitigation policies should focus on providing periodic cybersecurity training and information to all employees of a construction company. Relevant training would include the ability to identify phishing emails and scans, the prohibition of clicking on unknown links, and password management and safety.

In addition to mitigation of risk, counsel should consider the strategic use of cyber insurance to manage any resulting liability from cyberattacks.

Listen as our authoritative panel discusses how cyber risks and security issues are impacting the construction industry. The panel will address best practices for construction companies to attempt to deflect and ward off cyberattacks, how to plan for future attacks, how to address an attack once it occurs, and how to implement certain measures to limit the liability for such attacks once they occur.



  1. Recent cyber risk to construction companies
  2. Why construction companies are at a higher risk for attack
  3. Types of cyberattacks, including ransomware, denial of service attacks, and malware
  4. Recent cyberattacks on construction companies, including how and why the attacks occurred
  5. Results of cyberattacks on a construction business, including breach of data security, down time, delays to the project, and loss of resources
  6. Risk management techniques to attempt to avoid a cyberattack, including the use of employee training and the use of advanced planning and technology
  7. Use of cyber insurance to address the often-devastating effects of cyberattacks


The panel will address these and other relevant issues:

  • Why construction companies have become viable targets for cyberattacks
  • How counsel can help ensure employees receive appropriate training and information about cybersecurity and the various ways to attempt to avoid cyberattacks
  • Are mechanisms in place, such as multi-factor authentication and other risk management technology, to mitigate the exposure when employees make mistakes?
  • Do web applications, which have back-end access to some of the most sensitive data, have appropriate forward-facing defenses in front of them, blocking common web application security threats?
  • Does the company have the appropriate skills, planning, and procedures in-house to secure modern web applications properly? When is a consultant necessary?


Pezzillo, Brian
Brian J. Pezzillo

Howard & Howard Attorneys

Mr. Pezzillo advises clients on compliance matters regarding data privacy regulations, including the European...  |  Read More

Volack, Richard
Richard R. Volack

Peckar & Abramson

Mr. Volack’s practice encompasses dispute resolution through mediation, arbitration and, when necessary,...  |  Read More

Attend on November 17

Cannot Attend November 17?

You may pre-order a recording to listen at your convenience. Recordings are available 48 hours after the webinar. Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video