The UK’s construction industry has received its first-ever cybersecurity guidance from the National Cyber Security Centre (NCSC).

The document, Cyber security for construction businesses, provides practical, tailored advice for construction firms on protecting their businesses and building projects from cyber-attackers. The guidance details the most common attack vectors construction faces, including spear-phishing, ransomware and supply chain attacks.

The publication, launched with the Chartered Institute of Building (CIOB), looks at all aspects of construction, from design to handover. The recommendations cover areas such as strong password practices, backing up devices, avoiding phishing attacks, collaborating with partners and suppliers and incident response.

The NCSC advised businesses in the sector that these cybersecurity measures are as necessary as wearing a hard hat on site – it’s just less obvious to see.

The GCHQ body said the guidance was necessary amid rising cyber-threats targeting the construction sector, which are seen as lucrative targets due to the sensitive data they hold and the high-value payments they process. It also noted that these organizations are becoming increasingly reliant on digital technologies, such as 3D modeling packages, GPS equipment and business management software.

The guidance is mainly aimed at small and medium-sized firms, which make up the majority of the UK’s construction industry. Earlier this year, a study found that over half (51%) of SME businesses and self-employed workers in the UK have experienced a cybersecurity breach.

Sarah Lyons, NCSC deputy director for economy and society resilience, commented: “As construction firms adopt more digital ways of working, it’s vital they put protective measures in place to stay safe online – in the same way you’d wear a hard hat on site.

“That’s why we’ve launched the new Cyber Security for Construction Businesses guide to advise small and medium-sized businesses on how to keep their projects, data and devices secure.

“By following the recommended steps, businesses can significantly reduce their chances of falling victim to a cyber-attack and build strong foundations for their overall resilience.”  

Caroline Gumble, chief executive of the Chartered Institute of Building (CIOB), said: “The consequences of poor cybersecurity should not be underestimated. They can have a devastating impact on financial margins, the construction program, business reputation, supply chain relationships, the built asset itself and, worst of all, people’s health and wellbeing. As such, managing data and digital communications channels are more important than ever.

“This guide provides a timely opportunity to focus on the risks presented by cybercrime, something that has been highlighted by CIOB for some time. We’re now delighted to partner with the National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) to produce another invaluable resource.”