Cyber Risks for Contractors

Professional have become increasingly reliant on digital technology to run their practices.  This digital revolution has reshaped the way that many professionals operate and has allowed professionals to better service their clients.  At the same time, reliance on technology has created new areas of exposure for professionals.

A recent report from Chubb analyzed how this technological revolution has reshaped the construction industry.  Under the traditional design-bid-build process, a project would be designed by architects under a separate contract with the owner, and then put out to bid for the construction phase.  Today, contractors are able to utilize new software that allows them to take on a larger role in project design and to store and manage confidential personal information, including building plans, financial records, and employee data.  Contractors’ ability to combine architectural, design, and construction services under one contract streamlines construction and expedites project delivery.

At the same time, the expanded role of contractors also creates new areas of exposure. In particular, contractors must consider risks related to cyber breaches, building design, and advisory services.  In order to manage this risk, contractors must not only rely upon standard commercial general liability insurance, but must also consider errors and omissions policies.  Likewise, contractors should carefully scrutinize which employees or outside vendors are able to access confidential information and limit access only to those employees who actually have a need to know.

Professionals must remain cognizant of how technology changes business.  If professionals are utilizing technology to perform new tasks, or are storing information that could compromise private information, they must carefully consider whether their operations are adequately insured and that they have taken appropriate measures to limit risk.  Professionals who fail to adapt risk management strategies in order to keep pace with changes in technology risk exposing themselves and their clients to security threats and potential liability.