How robust are your cyber security protocols? That’s the question raised by a National Federation of Builders (NFB) report.
The NFB surveyed members at its summit in April about cyber security and digital transformation. While the volume of responses was not high, the NFB’s analysis of the responses and its observations are pertinent.
Just less than a quarter (24%) said they had suffered a cyber attack in 2022 compared to a national average of 39% reported by UK businesses last year.
However, a significant minority, 20%, said they were ‘not sure’ whether their organisation was subject to an attack. The NFB suggests that there could be a lack of general awareness of what constitutes a cyber attack. It is also possible that respondents’ companies do not regularly share with staff details relating to cyber security.
The NFB said: “Whatever the case, at least one-in-four companies had been attacked, showing that attacks are prevalent and a clear need for construction companies need to exercise caution, preparedness, and ensure they have preventive measures to mitigate against the risk of attack.”
Who’s responsible for cyber security?
Approximately half of all respondents said there was a senior person responsible for cyber security in their business. But again, 20% of those asked, were ‘not sure’.
Those respondents’ companies may have a person dedicated to cyber security, but the fact that the respondents did not know means that there is likely to be a lack of awareness, engagement and therefore accountability for cyber security issues, the NFB observed.
“If staff are not aware who is responsible for cyber security, how can they confidently report any concerns? Cyber security is something that all employees need to be conscious of and vigilant about. A lack of knowledge about the responsible person suggests there may well be other important cyber security information that is not being disseminated – a potentially serious issue, but one that could be dealt with relatively easily by improving internal communications,” the federation said.
The NFB also analysed the regularity of cyber security risk reviews. Around a third of contractors said they reviewed risks on a monthly basis, indicating a proactive cyber security management system.
However, almost 20% of respondents only review risk on an annual basis, while a further 12% never assess their risk at all. Around 40% of respondents did not know how often their companies assessed their risk.
The report concludes: “Effective cyber security practices require buy-in, input and awareness from all staff and so improving awareness across the business will go a long way to helping defend against attacks and reducing the likelihood of a cyber breach – as a company’s defence is only as strong as its weakest link.”
This article first appeared on BIMplus.