
Cyber Portfolio Manager
From a cyber underwriting perspective, the construction sector is central to how we think about operational disruption. The volume of technology being adopted, and the way it’s being used, combine to make the sector particularly exposed. Construction businesses are stitching together IT systems, operational technology, third-party platforms and supply chain networks in real time, often across multiple live projects. That creates a level of connectivity and complexity that attackers can exploit.
In the UK, these trends are unfolding alongside a tightening regulatory and commercial environment. The influence of NIS2 is being felt through supply chains and customer requirements, particularly for UK firms operating across European markets. More broadly, cyber risk is being framed as part of operational resilience, with regulators and government bodies focusing on firms’ ability to continue operating through disruption, not just prevent incidents. Baseline expectations are also being shaped by guidance from the National Cyber Security Centre, and for many, demonstrating cyber resilience is becoming a prerequisite for winning work, not only a technical box to tick.
We’re seeing this shift reflected in incidents too – many breaches aren’t limited to data loss or privacy breaches but interrupt workflows, lock access to critical systems and, in some cases, affect the physical environment through connected operational systems. In short, the line between cyber and operational risk has effectively disappeared.
What’s interesting from an underwriting perspective is that many of the drivers of serious incidents are not especially sophisticated. They are often rooted in familiar issues, such as legacy systems that can’t easily be patched, weak segmentation between systems, social engineering or long-term third parties that become unintended entry points.
Businesses that take a more deliberate approach to these basic fundamentals can materially reduce their exposure. Segmentation between IT and OT environments, for example, remains one of the most effective ways to limit the impact of an incident. Similarly, improving visibility over legacy systems and addressing known vulnerabilities can remove common attack paths. Furthermore, ensuring staff are trained to spot phishing emails and spoof phone calls is essential.
There is a need to think beyond prevention. Quick, clear and smooth responses, based on tested response plans, clear decision-making structures and a realistic understanding of how long recovery might take, are equally important.
For brokers, this is where the conversations are evolving. Customers are less interested in abstract cyber threats and more focused on what an incident would mean for their own business: how long they would be offline, how projects would be affected, and how quickly they could recover. That shift is an important one to pay attention to because ultimately, what we’re underwriting in construction is cyber risk and business interruption together.
