GCHQ/CIOB offer cyber security guidance to construction SMEs

Image: 239692497 © BiancoBlue |

As the construction industry increasingly digitalises, guidance on protecting against cyber attacks has been published by GCHQ’s National Cyber Security Centre (NCSC) and the Chartered Institute of Building (CIOB).

The guidance, Cyber Security for Construction Businesses, is aimed at SMEs in the sector as they increasingly adopt digital ways of working, including 3D modelling packages, GPS equipment and business management software.

The guide offers practical advice for each stage of construction, from design to handover, and sets out the common cyber threats the industry faces, including from spear-phishing, ransomware and supply chain attacks.

The new guidance is split into two parts: the first aimed at helping business owners and managers understand why cyber security matters, and the second aimed at advising staff responsible for IT equipment and services within construction companies on actions to take.

The advice outlines seven steps for boosting resilience, covering topics including the creation of strong passwords; backing up devices; how to avoid phishing attacks; collaborating with partners and suppliers; and preparing for and responding to incidents.

A number of high-profile construction businesses have been the victims of cyber attacks, including Amey and Arup.

Sarah Lyons, NCSC deputy director for economy and society resilience, said: “As construction firms adopt more digital ways of working, it’s vital they put protective measures in place to stay safe online – in the same way you’d wear a hard hat on site.

“By following the recommended steps, businesses can significantly reduce their chances of falling victim to a cyber attack and build strong foundations for their overall resilience.”   

CIOB chief executive Caroline Gumble added: “The consequences of poor cyber security should not be underestimated. They can have a devastating impact on financial margins, the construction programme, business reputation, supply chain relationships, the built asset itself and, worst of all, people’s health and wellbeing. As such, managing data and digital communications channels is more important than ever.

“This guide provides a timely opportunity to focus on the risks presented by cyber crime, something that has been highlighted by CIOB for some time.”

Less than a month ago, NCSC warned organisations to bolster their security ahead of a possible cyber attack from Russia.

In November last year, a UK government report highlighted the lack of visibility of the supply chain’s resilience to cyber attacks as the biggest threat to British industry’s cyber security.

Don’t miss out on BIM and digital construction news: sign up to receive the BIMplus newsletter.

Story for BIM+? Get in touch via email: [email protected]

Latest articles in News