Design and construction industry firms underestimate their vulnerability to cyberattacks, according to a new report, Data Resilience in Design and Construction: How Digital Discipline Builds Stronger Firms by Dodge Construction Network and content security and management company Egnyte.
Fifty-nine percent of firms responding to a survey experienced a cybersecurity threat within the last two years. General contractors were hit most frequently, with 70% experiencing a threat and 30% suffering a ransomware attack since 2021.
Successful attacks can be dire, with 77% of firms saying they would experience critical schedule delays if access to documentation is blocked for more than five days. Ransomware attacks often take a lot longer to resolve than just a few days, though.
The average duration of a successful ransomware attack in the U.S. ranged from 15 days to 26 days between the first quarter of 2020 and the second quarter of 2022, according to Statista, a company that operates a global data and business intelligence platform.
The study also says that the industry needs improvement on data resilience, which it defines as “the ability to access all project and business documents and data to support work at any time, from anywhere, and on any device.” Just 39% of AEC firms’ data networks meet that standard at least 90% of the time, “meaning most of the industry struggles with this issue.”