Only a quarter of firms have prioritised the issue, says insurer
Construction has been named the fifth most at-risk industry for a cyber attack and is still not doing enough to prevent being hit in the future.
The sector was given a risk score of 39, higher than financial services, energy and government, according to the latest Cyber Readiness Report from insurer Hiscox.
Earlier this year offsite specialist Caledonian Modular was hit by a catastrophic cyber-attack just days before it went into administration.
In the Hiscox report, the construction industry ranked slightly below manufacturing (41), as well as business services (42), retail and wholesale (43) and travel and leisure (48).
The risk score is based on how optimistic business leaders are about their ability to deal with future cyber attacks and takes into account the number and cost of cyber events faced by firms surveyed.
Almost half of businesses across all sectors – 44% – reported experiencing one or more cyber attacks in the past year, with an average annual loss of just over £21,000 per company.
Businesses with more than 1,000 employees were more likely to suffer such attacks – 63% reported one in the past 12 months – and suffered more than double the financial toll.
Despite the costs, only 28% of those surveyed said reviewing cyber policies and procedures was a top spending priority for the next 12 months.
Research published earlier this year, published by Egnyte, found that almost half of UK built environment firms had experienced a ransomware attack in the past two years.
The digital security firm found that 25% had experienced two to four attacks in that period and 5% had endured five or more.
The National Cyber Security Centre, which is part of GCHQ, published a guide to help firms in the construction industry protect themselves.