{"id":39088,"date":"2023-12-20T09:00:21","date_gmt":"2023-12-20T08:00:21","guid":{"rendered":"https:\/\/www.accuracy.com\/?p=39088"},"modified":"2025-10-23T14:49:34","modified_gmt":"2025-10-23T12:49:34","slug":"cybercrime-report","status":"publish","type":"post","link":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/","title":{"rendered":"Cybercrime report"},"content":{"rendered":"<h3><strong>Introduction<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Cybercrime is a growing concern for the construction sector in the Middle east.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Amidst the rise of cybercrimes and cyberattacks, it has become paramount for companies across the globe to prioritise the\u00a0 establishment of strong cybersecurity measures.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Freshfields Bruckhaus Deringer, Accuracy, and New York University Abu Dhabi (<\/span><i><span style=\"font-weight: 400;\">NYUAD<\/span><\/i><span style=\"font-weight: 400;\">) collaborated to carry out a compre-\u00a0 hensive survey within the Middle East region\u2019s construction sector (the <\/span><i><span style=\"font-weight: 400;\">Survey<\/span><\/i><span style=\"font-weight: 400;\">). The purpose of the Survey was to evaluate\u00a0 the risks construction project participants face in relation to cybercrimes and gauge their level of preparedness.<\/span><\/p>\n<p><strong>This report examines the common cybercrime and cybersecurity practices in the Middle East construction sector using the\u00a0 results from the Survey. In addition to this introductory section, the report is structured as follows:<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Section II sets out the executive summary.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Section III sets out the key findings from the Survey, including highlighting risks that make the sector more vulnerable.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Section IV sets out our recommendations on best cybersecurity practices, including mitigation strategies, for the construc-\u00a0 tion sector based on the data and findings gathered from the Survey.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Section V explains the methodology adopted to gather and analyse the Survey data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Section VI provides our conclusion and key takeaway points from the Survey findings.<\/span><\/li>\n<\/ul>\n<p><strong>The Construction Industry Is Vulnerable to Cyber Attacks<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Around the world, the construction sector has been hit hard by the rise of cybercrime in recent years. To take one exam-\u00a0 ple, Dutch construction company Royal Bam Group fell victim to cyberattacks in 2020 when cyber criminals encrypted the\u00a0 company\u2019s data, preventing access to it. The company had to take a number of its systems offline in order to neutralise the\u00a0 attack. <\/span><span style=\"font-weight: 400;\">1 <\/span><span style=\"font-weight: 400;\">Indeed, the increasing digitalisation of construction processes has given cybercriminals new opportunities to target\u00a0 construction project participants, who now hold increasingly large amounts of sensitive data in online repositories. Despite\u00a0 increasing reliance on digital processes, cybersecurity awareness within the sector remains relatively low. This vulnerability\u00a0 is evident from a 2021 survey, <\/span><span style=\"font-weight: 400;\">2\u00a0 <\/span><span style=\"font-weight: 400;\">which highlighted the sector\u2019s susceptibility to cyberattacks and the elevated success rates\u00a0 for such attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">At the same time, cybersecurity has not gained much attention from construction researchers, as demonstrated in an aca-\u00a0 demic study. <\/span><span style=\"font-weight: 400;\">3 <\/span><span style=\"font-weight: 400;\">The Survey\u2019s findings shed light on the scale and scope of the issue and highlight the urgent need for con-\u00a0 struction project participants to take cybersecurity seriously.<\/span><\/p>\n<p><strong>Why Should Companies Care about Cyber Incidents Targeting the Construction Sector in\u00a0 the Middle East<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">While companies in all industries are susceptible to cyberattacks, the somewhat unique aspects of the construction sec-\u00a0 tor\u2019s complexity of projects, layers of stakeholder involvement, emphasis on time efficiency, and heavy reliance on sensitive\u00a0 personal and business data can make the impact of cyberattacks on construction sector companies particularly harmful.\u00a0 Companies in the Middle East are at even greater risk, given the close relationship they may have with government entities\u00a0 on projects or the increasing rate of growth in the area, which is not always accompanied by a proportionate investment in\u00a0 cybersecurity. In particular, we note:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Construction projects require time efficiency. Time is money on a construction project, with the risk of delays contrac-\u00a0 tually allocated within the supply chain. Therefore, a cyberattack that imperils the diligent progress of a project can have\u00a0 significant ramifications.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Construction projects rely on sensitive data. Plans and designs used for construction can provide information regard-\u00a0 ing access points and weaknesses in security for the finished structure. That is sensitive data, particularly during the\u00a0 operations phase of the project (for example, if special airport systems could be accessed during operations because of\u00a0 unknown hacks during the design and construction phase).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Construction projects have complex supply chains. There can be very lengthy supply chains on construction projects,\u00a0 with even the lowest level of the supply chain having access to plans, designs, and other sensitive data. To protect the\u00a0 project\u2019s data, every layer of the supply chain needs to be focused on cyber security, but smaller entities at the bottom of\u00a0 the supply chain will not have the same ability to invest in cyber security.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Political sensitivity is greater in the Middle East. Many construction projects in the Middle East are financed by govern-\u00a0 ment or private entities in which the state has invested (or owns). That can create a political dimension to (a) the need for\u00a0 cybersecurity (in addition to data protection laws, there may be a licensing regime pertaining to data relating to a project\u00a0 procured by government \u2013 e.g., DESC in Dubai) and (b) the motivation for cyberattacks.<\/span><\/li>\n<li aria-level=\"1\"><span style=\"font-weight: 400;\">There is increasing technological reliance in the Middle East. Historically, technology adoption on construction pro-\u00a0 jects in the Middle East has been slow, but it is now ramping up. In particular, a 2022 PwC Middle East Capital Projects\u00a0 and Infrastructure Survey identified that technology adoption in the construction sector has surpassed 50% for the first\u00a0 time. <\/span><span style=\"font-weight: 400;\">4 <\/span><span style=\"font-weight: 400;\">If technology is not adopted in concert with suitable cybersecurity measures, the construction sector in the Middle\u00a0 East will continue to face problems.<\/span><\/li>\n<\/ul>\n<h3><strong>Key Areas of Concern: Theft of Sensitive Data and Ransomware Attacks<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">One of the most common forms of cybercrime in the construction sector is the theft of sensitive data, which can be used\u00a0 for purposes of ransomware, identity theft, access to trade secrets, etc. Stolen data can include plans, designs, project\u00a0 management information, and personal and financial data. This data loss can have financial implications, put projects at risk,\u00a0 and harm the company\u2019s reputation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another primary concern is the threat of ransomware attacks. A study by Nordlocker showed that construction had been\u00a0 the most targeted sector by ransomware attacks in 2022. <\/span><span style=\"font-weight: 400;\">5 <\/span><span style=\"font-weight: 400;\">In these attacks, cybercriminals encrypt a company\u2019s data and\u00a0 demand payment in exchange for the decryption key. The construction sector is particularly vulnerable to such threats due\u00a0 to the intricate data landscape tied to construction projects, which often holds significance for project success.<\/span><\/p>\n<h3><strong>Quantifying Cyber Incidents Is Difficult Because Many Incidents Are Unreported<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Accurately gauging the prevalence of cyberattacks within the sector poses a challenge, given that many incidents go unre-\u00a0 ported despite the existence of data protection legislation mandating data breach reports in certain circumstances. The\u00a0 frequency and severity of attacks can vary widely depending on the industry and global region.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, there is no doubt that cyberattacks have become a significant problem for businesses across all sectors and one\u00a0 that is growing. In recent years, there have been high-profile attacks on companies in industries such as healthcare, finance,\u00a0 retail, technology, and construction. For instance, in 2019, a Canadian construction company fell victim to a severe ransom-\u00a0 ware attack, during which the attackers demanded a ransom of USD 6.5 million to release 60GB of crucial data. <\/span><span style=\"font-weight: 400;\">6 <\/span><span style=\"font-weight: 400;\">Similarly,\u00a0 in 2020, a French construction company experienced a cyberattack that resulted in malicious actors gaining control of over\u00a0 200GB of sensitive data and demanding a ransom of USD 11 million. As a precautionary measure, the company had to\u00a0 temporarily shut down multiple operational systems, leading to significant project delays. <\/span><span style=\"font-weight: 400;\">7<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to a report by Cybersecurity Ventures, the global cost of cybercrime is projected to reach USD 10.5 trillion by\u00a0 2025. The report also estimates that a new cyberattack occurs every 11 seconds, with attacks increasing rapidly. <\/span><span style=\"font-weight: 400;\">8<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another report by the Ponemon Institute found that the average cost of a data breach in the United States was USD 9.05\u00a0 million in 2021. The report also found that the average time to identify and contain a breach was 287 days. <\/span><span style=\"font-weight: 400;\">9<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In summary, cyberattacks present a significant and growing threat to businesses in all sectors across the globe, including in\u00a0 the construction sector in the Middle East. The financial and reputational costs of such attacks can be substantial. Project\u00a0 participants must therefore invest in robust cybersecurity measures and stay vigilant against emerging threats.<\/span><\/p>\n<h3><strong>Executive summary<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">The Survey set out to identify the cybercrime prevention practices and cybersecurity risks in the Middle East construction\u00a0 sector. Conducted among respondents occupying senior roles primarily in large companies across the Middle East region,\u00a0 the Survey highlighted a concerning reality: even sizable companies lack the necessary readiness to effectively fend off\u00a0 significant cybercrimes. Incidents of phishing scams, ransomware attacks, and data breaches had already affected the sur-\u00a0 veyed companies. Recent media coverage has further emphasised the substantial losses that could stem from cyberattacks\u00a0 targeting the construction sector.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Survey findings indicate that even large companies with resources at their disposal feel that they are not adequately\u00a0 prepared to address or prevent cyber incidents, and many indicated that they do not have sufficient measures in place to\u00a0 mitigate cyber risk. Tackling and averting these threats demands concerted action. Companies must shield their networks,\u00a0 devices, and data through concentrated efforts in employee training, policy implementation, and adequate investment in\u00a0 cybersecurity technology.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Indeed, to protect against cybercrime, construction project participants need to implement robust cybersecurity measures.\u00a0 This includes educating employees on cybersecurity best practices, using strong passwords and two-factor authentication,\u00a0 and regularly backing up data. Collaborating with cybersecurity experts is equally pivotal, enabling companies to identify\u00a0 vulnerabilities and enact appropriate security measures. These measures are particularly important for companies in the\u00a0 construction sector in the Middle East, given the complexity of construction projects and increased sensitivities of their data,\u00a0 supply chains, and stakeholders. Increased reliance on technology in the construction sector in the region makes the need\u00a0 for robust cybersecurity measures even more critical.<\/span><\/p>\n<h3><strong>Findings<\/strong><\/h3>\n<p><strong>Demographics of Survey Respondents<br \/>\n<\/strong><i><span style=\"font-weight: 400;\">Country Distribution<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">The Survey was conducted across multiple countries in the\u00a0 Middle East and some countries outside the region. In the\u00a0 Middle East, responses were received from companies in\u00a0 the United Arab Emirates, Saudi Arabia, Qatar, Jordan, Egypt,\u00a0 Oman, Bahrain, and Iraq. See Figure 1 for the distribution of\u00a0 the respondents\u2019 countries.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Figure 1<\/span><\/i> <span style=\"font-weight: 400;\">Distribution of the survey respondents\u2019\u00a0 countries<\/span><\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"size-medium wp-image-45450 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.00-300x223.png\" alt=\"\" width=\"300\" height=\"223\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.00-300x223.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.00-1024x761.png 1024w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.00-768x571.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.00-16x12.png 16w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.00.png 1058w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><strong>Demographics of Survey Respondents<br \/>\n<\/strong><i><span style=\"font-weight: 400;\">Company Size<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">The Survey respondents were from a broad spectrum of\u00a0 company sizes, ranging from micro businesses to large\u00a0 enterprises. Most respondents (70%) represented com-\u00a0 panies with over 250 employees (Large Companies). By\u00a0 contrast, approximately 17% represented companies with\u00a0 50\u2013249 employees (Medium Companies), 8% represented\u00a0 companies with fewer than ten employees (Micro Compa-\u00a0 nies), and 5% represented companies with 10\u201349 employ-\u00a0 ees (Small Companies) as shown in Figure 2.<\/span><\/p>\n<p><em><span style=\"font-weight: 400;\">Figure 2 Distribution of the survey respondents\u2019\u00a0 company sizes<\/span><\/em><\/p>\n<p><img decoding=\"async\" class=\"size-medium wp-image-45451 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.43-300x237.png\" alt=\"\" width=\"300\" height=\"237\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.43-300x237.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.43-768x606.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.43-15x12.png 15w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.40.43.png 968w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><strong>Demographics of Survey Respondents<br \/>\n<\/strong><i><span style=\"font-weight: 400;\">Seniority<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">The Survey collected responses from individuals of varying\u00a0 seniority levels within their company: senior management\u00a0 represented 34%; manager or advisor level respondents,\u00a0 approximately 27%; and non- managerial senior employees,\u00a0 25%. The remaining 14% of respondents were high-level sen-\u00a0 ior management, entry-level employees, or others. Figure 3\u00a0 shows the distribution of survey respondents\u2019 seniorities.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Figure 3<\/span><\/i> <span style=\"font-weight: 400;\">Distribution of the survey respondents\u2019\u00a0 seniorities<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><img decoding=\"async\" class=\"size-medium wp-image-45452 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.42.22-300x225.png\" alt=\"\" width=\"300\" height=\"225\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.42.22-300x225.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.42.22-1024x768.png 1024w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.42.22-768x576.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.42.22-16x12.png 16w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.42.22.png 1128w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/span><\/p>\n<p><strong>Demographics of Survey Respondents<br \/>\n<\/strong><i><span style=\"font-weight: 400;\">Scope of Companies<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">The Survey collected responses from various project par-\u00a0 ticipants involved in the construction sector, including pro-\u00a0 ject managers, contractors, owners, suppliers, architects,\u00a0 and designers. Most respondents (20%) represented project\u00a0 management, while approximately 25% represented con-\u00a0 tractors and sub-contractors. The remaining respondents\u00a0 represented roles such as owners, partners, stakeholders,\u00a0 engineers, designers, and architects, as seen in Figure 4.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Figure 4<\/span><\/i> <span style=\"font-weight: 400;\">Distribution of the survey respondents\u2019\u00a0 company scopes<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-45453 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.44.26-300x237.png\" alt=\"\" width=\"300\" height=\"237\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.44.26-300x237.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.44.26-1024x808.png 1024w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.44.26-768x606.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.44.26-15x12.png 15w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.44.26.png 1128w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<h3><strong>The Construction sector is particularly vulnerable to cyberattacks<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">The construction sector has long been recognised as traditional, implementing technology more slowly than many others. In\u00a0 a 2016 report by McKinsey, it was listed as the second least digitalised industry after agriculture and hunting. <\/span><span style=\"font-weight: 400;\">10<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, the sector\u2019s gradual integration of technology, coupled with its insufficient cybersecurity safeguards, has rendered\u00a0 it an increasingly attractive target for cybercriminals. The Survey results highlight the alarming prevalence of cybercrime and\u00a0 cyberattacks within the sector and underline the need for project participants to prioritise cybersecurity.<\/span><\/p>\n<ul>\n<li><strong>Types of Cyberattacks\u00a0 in Construction :<\/strong>The Survey results indicate that the types of cyberattacks on the increase in the construction\u00a0 sector are phishing scams, ransomware attacks, and data breaches. The escalation of these\u00a0 attacks is largely attributed to the impact of COVID-19. These attacks can lead to the loss of\u00a0 sensitive information, financial losses, and disruptions to the construction process, resulting in\u00a0 delays and additional costs.The Verizon 2020 Data Breach Investigations Report pinpoints social engineering schemes 11\u00a0 as one of the leading cyber threats faced by the construction industry. It involves cyberattack-\u00a0 ers impersonating senior management and key vendors through business email compromise\u00a0 (BEC) tactics. Their goal is to convince victims to transfer funds or provide sensitive information\u00a0 that can be exploited for financial gain. 12<\/li>\n<li><strong>Lack of Preparedness :<\/strong><span style=\"font-weight: 400;\">The Survey results also reveal that the lack of preparedness is not limited to smaller project\u00a0 participants. Large project participants with substantial resources are often unprepared to\u00a0 tackle cyber threats, with many lacking the necessary cybersecurity measures and resources\u00a0 to protect themselves from potential cyberattacks. The previously mentioned 2021 academic\u00a0 survey <\/span><span style=\"font-weight: 400;\">13 <\/span><span style=\"font-weight: 400;\">found that only 39% of construction sector companies had a cybersecurity plan, high-\u00a0 lighting the need for the construction sector to place an increased emphasis on cybersecurity.<\/span><span style=\"font-weight: 400;\">The Survey found that a significant proportion of respondents expressed concern about\u00a0 cybersecurity in the construction sector. Specifically, 34% of respondents were significantly\u00a0 concerned about cybersecurity, while 41% were somewhat concerned. These figures under-\u00a0 line that the majority view cybersecurity as an imperative matter demanding attention or per-\u00a0 ceive their construction businesses as inadequately equipped to handle it.<\/span><span style=\"font-weight: 400;\">A key obstacle to preparedness is awareness and knowing how to navigate risks. When\u00a0 asked about their employer\u2019s understanding of cybersecurity, 34% of respondents to the\u00a0 Survey reported being very well aware of cybersecurity, while 41% had some knowledge\u00a0 about it. This suggests that many construction business owners recognise the importance of\u00a0 cybersecurity but may benefit from additional support to develop their understanding further.<\/span><span style=\"font-weight: 400;\">The Survey also revealed that only 24% of respondents reported a significant investment\u00a0 in cybersecurity, and only 27% stated their investment was sufficient. As many as 27% of\u00a0 respondents said that their investment in cybersecurity was insufficient, indicating a need for\u00a0 more resources dedicated to cybersecurity within the construction sector<br \/>\n<\/span><span style=\"font-weight: 400;\">When asked if their employer periodically conducts cybersecurity risk assessments, the\u00a0 responses were more evenly spread: 37% of respondents said \u2018yes\u2019, indicating that their\u00a0 employer takes cybersecurity seriously and takes steps to assess potential risks; 31% of\u00a0 respondents said \u2018no\u2019, indicating that their employer does not conduct cybersecurity risk\u00a0 assessments; and 32% did not know or were not sure, highlighting a potential gap in cyber-\u00a0 security knowledge within the construction sector.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With cybercrime on the rise, construction companies must prioritise cybersecurity education,\u00a0 resources, and policy implementation to protect their networks, devices, and sensitive data\u00a0 from cyber threats. By adopting a comprehensive set of security measures and working with\u00a0 cybersecurity experts, project participants can mitigate the risk of cyberattacks and protect\u00a0 themselves and their business partners from potential harm.<\/span><\/li>\n<\/ul>\n<h3><strong>Investing in Cybersecurity<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">The impact of cybercrime on the construction sector has become a growing concern due to the shift towards digitalisation\u00a0 and remote work. The results of the Survey provide insights into the perceptions of construction sector professionals on the\u00a0 impact of various factors on cybercrime, including human intervention, cybersecurity regulations, national jurisdictions, inves-\u00a0 tigative capabilities, and company financials. Additionally, in this section, we examine the extent to which project participants\u00a0 have policies and procedures in place for addressing cybercrime.<\/span><\/p>\n<ul>\n<li><strong>Human Intervention\u00a0 Plays a Key Role in Cybercrime :<br \/>\n<\/strong><span style=\"font-weight: 400;\">Human intervention plays a crucial role in both perpetuating and preventing cybercrime. As\u00a0 technology advances, the actions, behaviours, and attitudes of individuals towards technol-\u00a0 ogy significantly affect their vulnerability to cybercrime. Most cyberattacks, such as weak\u00a0 passwords, social engineering, or phishing scams, exploit human error or negligence.<\/span><span style=\"font-weight: 400;\">According to a 2022 report prepared by Verizon, human factors played a significant role in\u00a0 82% of approximately 2,250 global data breach incidents. <\/span><span style=\"font-weight: 400;\">14 <\/span><span style=\"font-weight: 400;\">This emphasises the decisive\u00a0 influence of human engagement in cybercrime. The same report further highlights that attack-\u00a0 ers primarily breach security defences by employing malware and capitalising on stolen cre-\u00a0 dentials. This pattern of human-centric cyberattacks is just as prevalent in the EMEA region<\/span><span style=\"font-weight: 400;\">\u2013 where stolen credentials accounted for over 65% of the avenues through which attackers\u00a0 gained unauthorised access \u2013 as it is globally. <\/span><span style=\"font-weight: 400;\">15<\/span><span style=\"font-weight: 400;\">The majority of respondents to the Survey (76%) believe that human intervention has a critical\u00a0 impact on cybercrime. This further underlines the importance of employee training and edu-\u00a0 cation in preventing cyberattacks, ultimately reducing the risk of cyberattacks, as employees\u00a0 are often the first line of defence against cybercrime.<br \/>\n<\/span><\/li>\n<li><strong>Cyber\u00a0 Regulations\u00a0 and Company Policies\u00a0 and Culture Work\u00a0 Together to Create Effective Cybersecurity\u00a0 Environments :<\/strong><span style=\"font-weight: 400;\">Regulations in tandem with company prioritisation of cybersecurity are key to combatting\u00a0 cybercrimes. When asked about the impact of cybersecurity regulations on cybercrime, 37%\u00a0 of respondents said it has a significant effect, while 52% said it has a slight impact. When\u00a0 asked about the broader regulatory and socio-cultural context, 35% of respondents said the\u00a0 location where you do business can significantly influence cybercrime, while 46% said it has\u00a0 a slight effect.<\/span><span style=\"font-weight: 400;\">These findings advocate for a comprehensive approach in which companies wield a pivotal\u00a0 role in cultivating a climate that champions effective cybersecurity regulations. This concerted\u00a0 effort is crucial in preventing and combatting cybercrimes, further emphasising the role of\u00a0 organisations in shaping a protective cybersecurity culture.<\/span><\/li>\n<li><strong>Committing Financial\u00a0 Resources and Taking\u00a0 Investigative Steps Are\u00a0 Key to Preventing and\u00a0 Detecting Cyberattacks :<\/strong><span style=\"font-weight: 400;\">The Survey findings suggest that financial resources and investigative capabilities are essen-\u00a0 tial in preventing and detecting cyberattacks. More than half of respondents (57%) believe\u00a0 that investigative capabilities have a significant impact on cybercrime, while 26% said it has a\u00a0 slight impact. Additionally, 52% of respondents said that a company\u2019s financial investment in\u00a0 cybersecurity significantly affects cybercrime, and 39% said it had a slight effect.<\/span><strong>\u00a0<\/strong><\/li>\n<li><strong>Policies and Procedures\u00a0 Related to Dealing with\u00a0 Cybercrime :<br \/>\n<\/strong><span style=\"font-weight: 400;\">In response to questions about policies and procedures concerning cybercrime, 48% of\u00a0 respondents confirmed having such measures in place. This indicates that the majority of\u00a0 surveyed project participants are actively equipped with policies to safeguard against cyber\u00a0 threats. However, 22% of respondents said \u2018no\u2019, suggesting a potential oversight of this facet\u00a0 of cybersecurity in certain companies. Meanwhile, 30% of respondents did not know or were\u00a0 unsure, highlighting the need for increased awareness and education about cybercrime pre-\u00a0 vention and response.<\/span><\/li>\n<\/ul>\n<h3><strong>Cybercrime and COVID-19<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">The COVID-19 pandemic caused significant disruption across various sectors, including construction. The transformation\u00a0 towards remote work and amplified dependence on technology spurred the rise of cybercrime as a pressing concern. <\/span><span style=\"font-weight: 400;\">16<\/span><\/p>\n<ul>\n<li><strong>Impact of COVID- 19 on Crime in the Construction Sector :<br \/>\n<\/strong><span style=\"font-weight: 400;\">In the Middle East, COVID-19 had a recognised impact on cybercrime incidence. When asked\u00a0 about the impact of the pandemic on crime in the construction sector, the responses were\u00a0 as follows:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">29% of respondents reported a significant increase in crime.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">31% of respondents reported a slight increase in crime.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">23% of respondents reported that crime remained about the same.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Yet, only 13% of respondents reported that their businesses significantly changed existing\u00a0 cybercrime prevention measures because of COVID-19; 25% said no changes were made\u00a0 at all.<\/span><\/p>\n<p>&nbsp;<\/li>\n<li><strong>Impact of COVID-19 on\u00a0 Business Vulnerability\u00a0 to Cybercrime :<\/strong><span style=\"font-weight: 400;\">The pandemic also had a significant impact on the vulnerability of construction businesses to\u00a0 cybercrime. When asked about the effect of COVID-19 on their business\u2019s exposure to cyber-\u00a0 crime, the respondents answered as follows:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">15% reported a significant increase in vulnerability.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">67% reported a slight increase in vulnerability.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><strong>Types of Cybercrime Experienced or Observed :<br \/>\n<\/strong><span style=\"font-weight: 400;\">The Survey also asked respondents about the types of cybercrime they experienced or\u00a0 observed from the start of the pandemic. The results were as follows:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">73% of respondents reported a significant or slight increase in phishing and social engi-\u00a0 neering attacks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">25% of respondents reported no change in malware and virus dissemination, 23% reported\u00a0 a significant increase, and 35% reported a slight increase.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">No respondents saw any decrease in denial-of- service attacks, business email compro-\u00a0 mises, social media hacks and spamming, electronic money fraud, sales fraud, identity\u00a0 theft, and credit card fraud.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Survey findings indicate that the COVID-19 pandemic had a notable impact on cybercrime\u00a0 in the construction sector, with a significant number of respondents reporting an increase in\u00a0 cyberattacks. They also suggest that businesses became more vulnerable to cyberattacks\u00a0 during this period, with the prevalence of phishing and social engineering attacks standing out\u00a0 as the most commonly experienced or observed cybercrimes.<\/span><\/li>\n<\/ul>\n<h3><strong>Recommendation<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">The first line of defence against any cyber threat, including in the Middle East construction sector, is increasing perception\u00a0 and awareness from the top: \u2018prevention is better than cure\u2019. Most companies could improve value and security by adopting\u00a0 a proactive approach from upper management to tackle cybercrime-related risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Such an approach towards cybercrime risk management typically requires a cultural shift \u2013 this starts with board-level exec-\u00a0 utives who can incorporate cybercrime-related risk into their enterprise risk strategy. In doing so, leaders can quickly identify\u00a0 gaps and steer the organsiation towards a holistic approach in countering cyber threats.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Further, companies should focus on building a sustainable and multi-tiered approach to risk management rather than the\u00a0 piecemeal approach often taken today. A sustainable process starts with a risk assessment. A suggested framework for\u00a0 conducting such an assessment is outlined in Figure 5 and Figure 6.<\/span><\/p>\n<p><strong><i>Figure 5\u00a0 <\/i>The suggested risk assessment framework (functions)<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-45454 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-300x148.png\" alt=\"\" width=\"594\" height=\"293\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-300x148.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-1024x505.png 1024w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-768x379.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-1536x757.png 1536w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-2048x1010.png 2048w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.52.46-18x9.png 18w\" sizes=\"(max-width: 594px) 100vw, 594px\" \/><\/p>\n<p><strong>Figure 6 The suggested risk assessment framework (categories)<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-45455 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-300x134.png\" alt=\"\" width=\"533\" height=\"238\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-300x134.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-1024x456.png 1024w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-768x342.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-1536x684.png 1536w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-2048x912.png 2048w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-11.54.05-18x8.png 18w\" sizes=\"(max-width: 533px) 100vw, 533px\" \/><\/p>\n<p>Several cybercrime deterrents are commonly utilised to prevent and alleviate the harm caused by cybercrime. Moreover, various post-breach measures can be implemented to manage and curtail the consequences of a cyberattack or data breach. These include, but are not limited to:<\/p>\n<ul>\n<li><strong>Technical Controls<\/strong><span style=\"font-weight: 400;\">These measures are designed to prevent unauthorised access to computer systems, net-\u00a0 works, and data. Technical controls include firewalls, intrusion detection and prevention systems, anti-virus software, encryption, and access controls. <\/span><span style=\"font-weight: 400;\">In the event of a cyberattack or data breach, companies must first seek to contain the breach\u00a0 and limit further damage by working with legal counsel and the IT team on a plan to isolate\u00a0 affected systems and devices and update security measures and protocols.<\/span><\/li>\n<li><strong>Policies, Procedures, Processes, and Best Practices<\/strong><span style=\"font-weight: 400;\">Policies and procedures are put in place to govern the use of computer systems and data.\u00a0 These may include acceptable use policies, password policies, data backup and recovery\u00a0 policies, and incident response plans. <\/span><span style=\"font-weight: 400;\">Legal counsel can assist companies with developing plans to address vulnerabilities in pro-\u00a0 cesses and corporate policies, which may contribute to a breach, and assist with updating\u00a0 policies and procedures. <\/span><span style=\"font-weight: 400;\">Legal counsel may also recommend that a company subject to a breach conduct an internal\u00a0 investigation to identify the cause, extent, and impact of the breach.<br \/>\n<\/span><\/li>\n<li><strong>Training and Awareness<\/strong>Employees and users of computer systems need to be trained in recognising and avoiding cyber threats. Training can include security awareness training, phishing simulations, and regular reminders of best practices.<\/li>\n<li><strong>Legal and Regulatory\u00a0 Controls<\/strong><span style=\"font-weight: 400;\">Laws and regulations can provide a framework for cybercrime deterrence. These may include\u00a0 data protection laws, data breach notification requirements, cybercrime laws providing criminal\u00a0 penalties for cybercriminals, and licensing requirements for dealing with data on government-\u00a0 procured projects.<\/span><span style=\"font-weight: 400;\">In the event of a cyberattack or data breach, a company may need to take measures to\u00a0 comply with regulatory requirements or respond to regulatory inquiries (among other actions).\u00a0 Once data breaches occur, legal counsel can be effective in advising on requirements to\u00a0 notify regulatory agencies and affected individuals in accordance with data protection laws.<br \/>\n<\/span><\/li>\n<li><strong>Collaboration and Information Sharing<\/strong><span style=\"font-weight: 400;\">Collaboration between organisations, government agencies, and law enforcement can help\u00a0 to identify and respond to cyber threats more effectively. This can include sharing threat intel-\u00a0 ligence, best practices, and resources.<\/span><span style=\"font-weight: 400;\">Overall, an effective cybercrime deterrent strategy should be comprehensive and include a\u00a0 combination of technical controls, policies and procedures, training and awareness, legal and\u00a0 regulatory controls, and collaboration and information sharing.<br \/>\n<\/span><\/li>\n<li><strong>Investing in\u00a0 Cybersecurity Measures<\/strong><span style=\"font-weight: 400;\">To address the issue of cybercrime in the construction sector, project participants must prioritise cybersecurity. They must invest in the necessary measures to protect their assets and\u00a0 operational integrity. This comprehensive effort encompasses the adoption of a multi-faceted\u00a0 cybersecurity strategy that covers employee training, leverages technology, and enforces\u00a0 effective policies.<\/span><span style=\"font-weight: 400;\">Collaborating with cybersecurity and cybercrime experts can help project participants stay\u00a0 attuned to the evolving cyber threats landscape. This proactive approach enables them to\u00a0 implement appropriate countermeasures to mitigate risks. A National Institute of Standards\u00a0 and Technology report recommends that project participants conduct regular risk assessments, implement security controls, and establish incident response plans to protect against\u00a0 cyber threats. <\/span><span style=\"font-weight: 400;\">17<\/span><span style=\"font-weight: 400;\">Companies should always seek to invest in their cybersecurity capabilities to ensure they are\u00a0 sufficiently protected from cyberattacks. However, in the unfortunate event of a breach, having\u00a0 a well- conceived plan is imperative to navigate the intricate and often stressful aftermath with\u00a0 precision.<\/span>&nbsp;<\/li>\n<\/ul>\n<h3><strong>Recommendation<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">The methodology for the Survey\u2019s design, deployment, and analysis is summarised in five steps, as shown in the flowchart\u00a0 in Figure 7. The details of each step are shown below.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Figure 7<\/span><\/i> <span style=\"font-weight: 400;\">Flowchart for the Survey\u2019s methodology<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-45464 aligncenter\" src=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-300x42.png\" alt=\"\" width=\"629\" height=\"88\" srcset=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-300x42.png 300w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-1024x143.png 1024w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-768x107.png 768w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-1536x214.png 1536w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-2048x286.png 2048w, https:\/\/www.accuracy.com\/wp-content\/uploads\/2024\/07\/Capture-decran-2024-07-18-a-12.02.56-18x3.png 18w\" sizes=\"(max-width: 629px) 100vw, 629px\" \/><\/p>\n<ul>\n<li><strong>Step 1 Determining the scope and target population :<\/strong><span style=\"font-weight: 400;\">The first step of designing a survey is to decide on the scope based on the research ques-\u00a0 tions to be answered. These questions will also determine the target population since the\u00a0 focus will indicate who should participate in the survey.<\/span><span style=\"font-weight: 400;\">In this Survey, the scope encompassed a range of objectives. This entailed the identification\u00a0 of cyber risks targeting the construction sector, understanding the level of awareness and pre-\u00a0 paredness of project participants, and assessing the impact of COVID-19 on the prevalence\u00a0 of cybercrimes. The Survey mainly targeted construction sector professionals predominantly\u00a0 in the Middle East region to keep the study focused and draw conclusions more accurately.<\/span><\/li>\n<li><strong>Step 2 Determining the\u00a0 questions and survey\u00a0 structure :<\/strong><span style=\"font-weight: 400;\">The second step is to write questions that effectively address the established research inquir-\u00a0 ies and align with the survey\u2019s defined scope. The questions should be relevant to the target\u00a0 population since some might be unnecessary in specific geographic areas or professional\u00a0 roles. The way of distributing the survey, such as via email, an online survey platform, or in\u00a0 person, should also be decided at this stage since it might affect the type of questions.<\/span><span style=\"font-weight: 400;\">It was decided that the Survey would be conducted via an online survey platform, Qualtrics, to\u00a0 reach the maximum number of participants in the target population. It consisted of six sections:<\/span><span style=\"font-weight: 400;\">(1) Demographics, (2) Organisational and Industry Approach to Technology, (3) Cybersecurity\u00a0 Awareness, (4) Cybercrime Approach, Policies, and Procedures, (5) Cybercrime and COVID-\u00a0 19, and (6) Respondent\u2019s Information. The first and the last sections sought insights into each\u00a0 respondent\u2019s characteristics and that of their employer, such as the size and scope of work\u00a0 of the respondent\u2019s employer and the respondent\u2019s level of seniority. The second section\u00a0 included questions to identify the types of technology utilised by the respondents\u2019 companies.\u00a0 Sections three and four aimed to gauge the cybersecurity awareness of the respondents,\u00a0 their concerns related to cybercrime, and their employers\u2019 preparedness to combat potential\u00a0 cyber threats. Finally, the fifth section included questions to measure the impact of COVID-19\u00a0 on the cybercrime landscape in the construction sector, particularly in the Middle East region.<br \/>\n<\/span><\/li>\n<li><strong>Step 3 Internal checks and\u00a0 finalising the survey :<br \/>\n<\/strong><span style=\"font-weight: 400;\">This step aims to perform checks to detect any potential flaws, assess the clarity of the ques-\u00a0 tions and effectiveness of the survey structure, and optimise the survey length to achieve\u00a0 the maximum number of complete responses. Since three different organisations conducted\u00a0 the Survey, each organisation performed the checks and provided feedback from their per-\u00a0 spectives and using their expertise. The diversity of the scopes of the involved organisations\u00a0 helped improve the Survey. Once all parties agreed on the Survey layout and questions, it was\u00a0 finalised to proceed with the following step.<br \/>\n<\/span><\/li>\n<li><strong>Step 4 Deployment and data\u00a0 collection :<\/strong><span style=\"font-weight: 400;\">This survey step includes distributing the survey questions using the previously decided\u00a0 method. If the survey is online, the link for the survey should be shared with the relevant\u00a0 groups of people via social media, email, or other ways of online communication. Response\u00a0 data should be collected until the agreed cut-off date and stored for analysis at the next stage.\u00a0 In the case of online surveys, if any patterns show that respondents are leaving the survey\u00a0 incomplete at certain sections, it might indicate that it is not well designed and needs improve-\u00a0 ment. The purpose should be to have the maximum number of complete responses without\u00a0 compromising the cohesiveness and purpose of the survey.<\/span><span style=\"font-weight: 400;\">This Survey employed the online survey platform Qualtrics. Therefore, the questions were\u00a0 transferred to Qualtrics in the agreed layout and checked by the involved organisations (Fresh-\u00a0 fields Bruckhaus Deringer, Accuracy, and NYUAD) before distribution. To protect the privacy\u00a0 of the respondents, IP addresses, location data, and contact information were anonymised\u00a0 by default. The respondents provided their contact information, which was kept confidential,\u00a0 in the last section of the Survey, if they wanted to receive the initial findings. Once the Survey\u00a0 was finalised, the link was shared with the partner organisations and via social media, such as\u00a0 LinkedIn. Some entities that received the Survey are the Society of Construction Law (SCL)\u00a0 Gulf and the Royal Institution of Chartered Surveyors (RICS). The distribution of the Survey\u00a0 started on 3 October 2022, and it was kept open until 31 December 2022 (90 days). While\u00a0 187 people began the Survey during this period, 52 completed all sections.<br \/>\n<\/span><\/li>\n<li><strong>Step 5 Analysis and reporting<\/strong><span style=\"font-weight: 400;\">This is the last stage of a survey process. It includes analysing and interpreting the collected\u00a0 data and gathering the findings in a report to share them.<\/span><span style=\"font-weight: 400;\">The responses to the questions were analysed to draw conclusions addressing the purpose\u00a0 of the Survey. While some findings were as expected, such as the high level of concern\u00a0 about cybercrime and low level of cybersecurity awareness and preparedness among project\u00a0 participants, some were unexpected. For example, only 15% of the respondents reported\u00a0 a significant increase in the vulnerability of their businesses to cybercrime due to the new\u00a0 working environment after COVID-19. The findings of the Survey, the main conclusions, and\u00a0 the recommendations to improve the security level of construction project participants are\u00a0 included in this report.<br \/>\n<\/span><\/li>\n<\/ul>\n<h3><strong>Conclusion<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Our findings from the Survey highlight the vulnerability of construction businesses to cyber threats. Research supports the\u00a0 notion that cyberattacks are rising globally, and the construction sector is no exception. We do not consider this trend to\u00a0 be limited to the past. As the industry continues transitioning from paper-based record-keeping to more effective data man-\u00a0 agement in electronic repositories, we expect a continued increase in cybersecurity threats to the sector. This mirrors the\u00a0 concerns expressed by 75% of respondents who feel there are cybersecurity issues in the construction sector.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Survey results indicate that, while some project participants are aware of the importance of cybersecurity, there is a need\u00a0 for increased investment and education in this area. Only half of the respondents feel that their companies have significant or\u00a0 sufficient cybersecurity measures in place to protect against cyber threats in an environment where cybercrime targeted at\u00a0 the sector is rising rapidly. This finding is consistent with other studies, which suggest that many project participants lack the\u00a0 necessary cybersecurity measures and resources to protect themselves adequately from cyber threats.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Project participants must prioritise cybersecurity education, resources, and policy implementation at all levels of their busi-\u00a0 ness to address this issue. This need is magnified by the vast quantities of sensitive data that project participants are likely\u00a0 to hold. This approach aligns with recommendations made by cybersecurity experts, who suggest that project participants\u00a0 adopt a multi-layered approach to cybersecurity, including employee training, technology, and policy implementation. Addi-\u00a0 tionally, working with cybersecurity and cybercrime experts can help project participants stay up-to-date on the latest cyber\u00a0 threats and implement appropriate measures to mitigate risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While the Survey primarily focused on insights from senior-level construction sector employees, it is essential to recognise\u00a0 that there might be variations in cyber awareness and understanding at different levels within a company. For instance, front-\u00a0 line workers or employees in administrative roles may have limited exposure to cybersecurity training or may not be fully aware\u00a0 of the potential risks and best practices. By contrast, IT professionals or those directly involved in technology implementation\u00a0 may have a higher understanding and familiarity with cybersecurity measures than employees in non- technical roles.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To gain a comprehensive understanding of the cybersecurity landscape within the construction sector, future research efforts\u00a0 could include a more comprehensive sample size, encompassing employees from various levels and departments. This\u00a0 would help capture a more diverse range of perspectives and potential disparities in awareness, as well as identify gaps in\u00a0 cybersecurity knowledge.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In summary, the Survey results emphasise the need for project participants to prioritise cybersecurity matters and implement\u00a0 appropriate measures to protect their networks, devices, and sensitive data from cyber threats. The rise of cybercrime in the\u00a0 construction sector is a growing concern, and project participants must take proactive steps to safeguard their assets and\u00a0 reputations. By working with cybercrime and cybersecurity experts and implementing comprehensive security measures,\u00a0 project participants can mitigate the risk of cyberattacks and protect themselves and their business partners from potential\u00a0 harm.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Introduction Cybercrime is a growing concern for the construction sector in the Middle east. Amidst the rise of cybercrimes and cyberattacks, it has become paramount for companies across the globe to prioritise the\u00a0 establishment of strong cybersecurity measures. Freshfields Bruckhaus Deringer, Accuracy, and New York University Abu Dhabi (NYUAD) collaborated to carry out a compre-\u00a0 [&hellip;]<\/p>\n","protected":false},"author":58,"featured_media":39090,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[212,263,436,122],"tags":[],"class_list":["post-39088","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-analysis","category-digital-telecommunications-analysis","category-digital-technology-software-analysis","category-perspectives"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cybercrime report - Accuracy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybercrime report\" \/>\n<meta property=\"og:description\" content=\"Introduction Cybercrime is a growing concern for the construction sector in the Middle east. Amidst the rise of cybercrimes and cyberattacks, it has become paramount for companies across the globe to prioritise the\u00a0 establishment of strong cybersecurity measures. Freshfields Bruckhaus Deringer, Accuracy, and New York University Abu Dhabi (NYUAD) collaborated to carry out a compre-\u00a0 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Accuracy\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-20T08:00:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-23T12:49:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/11\/Accuracy-Perspectives-Cybercrime-report.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1764\" \/>\n\t<meta property=\"og:image:height\" content=\"2081\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"albane.debraquilanges@accuracy.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"albane.debraquilanges@accuracy.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"26 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/\"},\"author\":{\"name\":\"albane.debraquilanges@accuracy.com\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#\\\/schema\\\/person\\\/72929a53f3d091e37119cd84ead1690c\"},\"headline\":\"Cybercrime report\",\"datePublished\":\"2023-12-20T08:00:21+00:00\",\"dateModified\":\"2025-10-23T12:49:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/\"},\"wordCount\":5379,\"publisher\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.accuracy.com\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/Accuracy-Perspectives-Cybercrime-report.jpg\",\"articleSection\":[\"Analysis\",\"Digital - Telecommunications\",\"Digital technology &amp; Software\",\"Perspectives\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/\",\"url\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/\",\"name\":\"Cybercrime report - Accuracy\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.accuracy.com\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/Accuracy-Perspectives-Cybercrime-report.jpg\",\"datePublished\":\"2023-12-20T08:00:21+00:00\",\"dateModified\":\"2025-10-23T12:49:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.accuracy.com\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/Accuracy-Perspectives-Cybercrime-report.jpg\",\"contentUrl\":\"https:\\\/\\\/www.accuracy.com\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/Accuracy-Perspectives-Cybercrime-report.jpg\",\"width\":1764,\"height\":2081},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/en_gb\\\/cybercrime-report\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.accuracy.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybercrime report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#website\",\"url\":\"https:\\\/\\\/www.accuracy.com\\\/\",\"name\":\"Accuracy\",\"description\":\"Business Advisers - Financial Consultants\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.accuracy.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#organization\",\"name\":\"Accuracy\",\"url\":\"https:\\\/\\\/www.accuracy.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.accuracy.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/unnamed-3.jpg\",\"contentUrl\":\"https:\\\/\\\/www.accuracy.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/unnamed-3.jpg\",\"width\":512,\"height\":512,\"caption\":\"Accuracy\"},\"image\":{\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/accuracy\\\/?originalSubdomain=fr\",\"https:\\\/\\\/www.instagram.com\\\/accuracycareers\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.accuracy.com\\\/#\\\/schema\\\/person\\\/72929a53f3d091e37119cd84ead1690c\",\"name\":\"albane.debraquilanges@accuracy.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6b7766cb63f9bfaa0c09be6554dcec93090ba8c35aef59eb3bbae153da9a7e60?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6b7766cb63f9bfaa0c09be6554dcec93090ba8c35aef59eb3bbae153da9a7e60?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6b7766cb63f9bfaa0c09be6554dcec93090ba8c35aef59eb3bbae153da9a7e60?s=96&d=blank&r=g\",\"caption\":\"albane.debraquilanges@accuracy.com\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cybercrime report - Accuracy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/","og_locale":"en_GB","og_type":"article","og_title":"Cybercrime report","og_description":"Introduction Cybercrime is a growing concern for the construction sector in the Middle east. Amidst the rise of cybercrimes and cyberattacks, it has become paramount for companies across the globe to prioritise the\u00a0 establishment of strong cybersecurity measures. Freshfields Bruckhaus Deringer, Accuracy, and New York University Abu Dhabi (NYUAD) collaborated to carry out a compre-\u00a0 [&hellip;]","og_url":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/","og_site_name":"Accuracy","article_published_time":"2023-12-20T08:00:21+00:00","article_modified_time":"2025-10-23T12:49:34+00:00","og_image":[{"width":1764,"height":2081,"url":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/11\/Accuracy-Perspectives-Cybercrime-report.jpg","type":"image\/jpeg"}],"author":"albane.debraquilanges@accuracy.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"albane.debraquilanges@accuracy.com","Estimated reading time":"26 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#article","isPartOf":{"@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/"},"author":{"name":"albane.debraquilanges@accuracy.com","@id":"https:\/\/www.accuracy.com\/#\/schema\/person\/72929a53f3d091e37119cd84ead1690c"},"headline":"Cybercrime report","datePublished":"2023-12-20T08:00:21+00:00","dateModified":"2025-10-23T12:49:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/"},"wordCount":5379,"publisher":{"@id":"https:\/\/www.accuracy.com\/#organization"},"image":{"@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#primaryimage"},"thumbnailUrl":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/11\/Accuracy-Perspectives-Cybercrime-report.jpg","articleSection":["Analysis","Digital - Telecommunications","Digital technology &amp; Software","Perspectives"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/","url":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/","name":"Cybercrime report - Accuracy","isPartOf":{"@id":"https:\/\/www.accuracy.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#primaryimage"},"image":{"@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#primaryimage"},"thumbnailUrl":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/11\/Accuracy-Perspectives-Cybercrime-report.jpg","datePublished":"2023-12-20T08:00:21+00:00","dateModified":"2025-10-23T12:49:34+00:00","breadcrumb":{"@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#primaryimage","url":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/11\/Accuracy-Perspectives-Cybercrime-report.jpg","contentUrl":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/11\/Accuracy-Perspectives-Cybercrime-report.jpg","width":1764,"height":2081},{"@type":"BreadcrumbList","@id":"https:\/\/www.accuracy.com\/en_gb\/cybercrime-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.accuracy.com\/"},{"@type":"ListItem","position":2,"name":"Cybercrime report"}]},{"@type":"WebSite","@id":"https:\/\/www.accuracy.com\/#website","url":"https:\/\/www.accuracy.com\/","name":"Accuracy","description":"Business Advisers - Financial Consultants","publisher":{"@id":"https:\/\/www.accuracy.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.accuracy.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.accuracy.com\/#organization","name":"Accuracy","url":"https:\/\/www.accuracy.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.accuracy.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/08\/unnamed-3.jpg","contentUrl":"https:\/\/www.accuracy.com\/wp-content\/uploads\/2023\/08\/unnamed-3.jpg","width":512,"height":512,"caption":"Accuracy"},"image":{"@id":"https:\/\/www.accuracy.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/accuracy\/?originalSubdomain=fr","https:\/\/www.instagram.com\/accuracycareers\/"]},{"@type":"Person","@id":"https:\/\/www.accuracy.com\/#\/schema\/person\/72929a53f3d091e37119cd84ead1690c","name":"albane.debraquilanges@accuracy.com","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/6b7766cb63f9bfaa0c09be6554dcec93090ba8c35aef59eb3bbae153da9a7e60?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6b7766cb63f9bfaa0c09be6554dcec93090ba8c35aef59eb3bbae153da9a7e60?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6b7766cb63f9bfaa0c09be6554dcec93090ba8c35aef59eb3bbae153da9a7e60?s=96&d=blank&r=g","caption":"albane.debraquilanges@accuracy.com"}}]}},"_links":{"self":[{"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/posts\/39088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/comments?post=39088"}],"version-history":[{"count":5,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/posts\/39088\/revisions"}],"predecessor-version":[{"id":47165,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/posts\/39088\/revisions\/47165"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/media\/39090"}],"wp:attachment":[{"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/media?parent=39088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/categories?post=39088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.accuracy.com\/en_gb\/wp-json\/wp\/v2\/tags?post=39088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}