Architects and Engineers’ Undeniable Need for Cybersecurity

The Cybersecurity Imperative for Architects and Engineers

Architects and Engineers’ Undeniable Need for Cybersecurity

While Professional Liability remains the driving component of any A & E firm insurance program, over the past decade a new threat has risen that could be just as damaging to firm health and viability. Cyber criminals have realized that Architects and Engineers are a perfect target for ransomware due to the time sensitive nature of the projects they are working on. If they are mid-project and get locked up in a ransomware attack, their client doesn’t care why it is happening, they just want it fixed immediately.  According to Forbes Advisor, there has been a 72% increase in cyber-attacks since 2021, and A & E firms have been a significant target as these numbers continue to increase. Despite the increased risks, there are ways to stay one step ahead of cyber criminals and it’s not just about having cyber liability insurance anymore. It’s about evaluating your entire cybersecurity program to ensure your firm remains online and you are prepared to respond should anyone get past your first line of defense.

Understanding the Cybersecurity Imperative

Based on research conducted by the AIA, it’s clear that architectural firms face similar, and perhaps greater, risks of cyber-attacks as any other business entity. Despite not dealing with the same high-profile data regularly featured in the news, your firm’s information remains valuable. Detailed building plans, infrastructure schematics, and expertise in integrating “smart” components into modern structures are all enticing targets for cyber attackers looking to exploit such knowledge for financial gain. Furthermore, these attackers can exploit your firm’s digital connections as a gateway into your clients’ environments.

Recent studies reveal a concerning trend: A & E firms are increasingly targeted by cybercriminals, with a notable increase in ransomware attacks and data breaches. Cyber-attacks have affected approximately 60% of engineering companies in the last year alone and almost all firms have been exposed to some form of attempted breach such as phishing emails. Shockingly, an engineering firm’s average data breach cost is now a staggering $400,000.

These statistics continue to highlight the urgency for A & E firms to prioritize cybersecurity. It’s not just about protecting your designs; it’s about protecting your financial stability and reputation. It’s crucial to recognize that the smaller the engineering firm, the less robust its cybersecurity defenses usually are. This underscores the importance of investing in comprehensive cybersecurity measures, regardless of the firm’s size.

Evaluating Cybersecurity Programs

Merely having cyber liability insurance is no longer enough to address the evolving nature of cyber threats. A proactive approach involves evaluating and strengthening the entire cybersecurity program. This process entails assessing current vulnerabilities, identifying potential weaknesses, and implementing robust security measures on the front end in addition to a clear response plan should a breach occur.

The Cyber Insurance industry has made many advancements in the past few years and is now leading the change in security behavior for firms. This is because their requirements to even OBTAIN the coverage have become more stringent as they evolve almost monthly based on the newest attack data the insurance company gathers from firsthand knowledge.

Five years ago, you could answer a few questions and get approved for cyber coverage without much hassle. Today, many cyber insurance companies are performing an external scan of your system and coming back with specific requirements based on that scan for you to even obtain the coverage. Firms with better security are receiving more favorable terms and those that have not made updates could be left without coverage altogether. This is a significant issue as we see more firms become contractually required to carry the coverage as their clients realize projects are in severe jeopardy without it.

Almost as important to the firm’s viability are the resources the cyber insurance company brings to the table both before and after a breach. Many of the cyber carriers today can supplement your internal IT department by continually running scans on your system and revealing vulnerabilities that may not have been on your radar otherwise. They provide in-depth reporting that your IT department may not have the resources or bandwidth to complete, thereby increasing your cybersecurity program substantially.

If a breach occurs, the resources brought by the insurance company are vital to getting you back online and your project moving forward. While the “limits” are certainly necessary to pay for any monetary loss or increased cost to recover your system, it is the expert partners in fields ranging from forensics to regulatory focused attorneys that you are really investing in. Experiencing a significant cyber event without this team, often provided by the insurance company, will likely leave you in a situation where the damage goes far beyond the direct costs of your cyber breach.

Empowering Architects and Engineers

By understanding the evolving threat landscape and fortifying their cybersecurity programs, A & E firms can mitigate risks, protect their digital assets, protect their project viability, and sustain their success in an increasingly digital world.

With a specific focus in the A & E industry and the knowledge that comes from navigating these cyber events with our partners firsthand, Townley Kenton continues to lead with education on the cyber front and will continue to ensure clients have the access to knowledge needed to protect their firm’s interests.

#Architects #Engineers #Cybersecurity #DataProtection #TownleyKenton #SecureYourLegacy

Sources: 

https://www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/#:~:text=As%20the%20globe%20becomes%20more,%25%2C%20surpassing%20the%20previous%20record.

https://hbr.org/2024/02/why-data-breaches-spiked-in-2023

https://www.engineering.com/story/engineering-companies-are-prime-targets-for-cybercrime

https://www.linkedin.com/pulse/engineering-companies-face-large-cybersecurity-enzo-logozzo-xnfuc/

https://theaiatrust.com/resource/cyber-attacks-against-architectural-firms/

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *