Could a Cyber Attack Stop Your Next Project?
Cyber threats may not be the first risk that comes to mind in the construction industry – but they should be. In recent months, several high-profile cyber-attacks have brought major UK businesses to a standstill – disrupting supply chains, halting production and putting customer data at risk. These incidents are a powerful reminder that cyber threats are growing in both scale and sophistication.
To explore what this means for the construction sector, Sam Cheshire, Cyber & Tech Practice Group Managing Director at Gallagher and Jake Taylor, Senior Consultant – Global Cyber Risk Management at Gallagher share their insights on key lessons firms can take from recent attacks – and how to strengthen resilience before it’s too late.
One of the most notable patterns in recent attacks is the use of ransomware to lock access to key project files, scheduling systems and payment platforms. In many cases, firms didn’t know they had been breached until it was too late – highlighting how sophisticated and stealthy these attacks have become.
“In today’s connected construction environment, a cyber breach affecting a single contractor or supplier can bring an entire project to a standstill.”
Sam Cheshire, Cyber & Tech Practice Group Managing Director, Gallagher
Construction businesses are particularly at risk due to their heavy reliance on subcontractors, third-party software and remote project management tools. Every additional touchpoint in a supply chain is a potential entry point for cyber criminals. If even one supplier has weak cyber defences, it can compromise the entire project ecosystem.
Another issue is that cyber security awareness is still low across many teams, especially on-site. While tools like Building Information Modelling (BIM), drones and smart devices are improving efficiency, they also widen the attack surface – and if staff aren’t trained to spot phishing attempts or device vulnerabilities, these tools can quickly become liabilities.
So, what can the construction sector do to strengthen its defences?
- Make cyber security part of site safety culture. Just as hard hats and risk assessments are non-negotiable, so too should be password protocols and device security.
- Train your team, from project managers to admin staff, to spot cyber threats and understand what to do if they suspect a breach.
- Secure remote systems and cloud tools, particularly those used to share documents, manage projects or process payments.
- Vet your supply chain partners. Ensure that third-party vendors and subcontractors adhere to minimum cyber security standards.
As the construction industry continues to digitise, the need for cyber resilience will only grow. Cyber-attacks aren’t just a risk to your IT systems – they’re a risk to your projects, your reputation, and your bottom line.
“The increased adoption of technology is transforming the construction sector, but every device connected to your network poses a new threat.”
Jake Taylor, Senior Consultant – Global Cyber Risk Management, Gallagher
But knowledge is power. That’s why, this Cybersecurity Awareness Month, you can join our webinar on Thursday 9th October 2025 at 10 am where our panel of specialists will discuss the current threat landscape, common vulnerabilities, and practical steps you can take to build stronger cyber defences. They will also delve into post-attack scenarios, using a real-world incident as a case study, and explore the unfolding events from the perspectives of cyber risk management, cyber insurance, legal, and brand reputation.