Cyber Security in the Built Environment: Protecting projects, data, and digital assets

[edit] About

Cyber Security is not just an IT issue; it is a business issue. This is a practical technical information sheet suitable for built environment professionals. This publication will help professionals understand and manage cyber security risks, protect projects, data and digital assets.

Read more of our Technical Information Sheets here.

[edit] Summary

This practical technical information sheet helps construction firms and built environment professionals understand and manage today’s most common cyber risks, from ransomware and phishing to payment fraud.

It explains how attacks happen and what simple, effective steps professionals can take to prevent them.

With clear advice on Cyber Essentials, staff training, incident response, and recovery, it shows how to build resilience without unnecessary complexity.

It is designed to help professionals and their firms protect their projects, their data and their reputation.

[edit] Contents

1. Cyber Security in the Built Environment: Protecting projects, data, and digital assets
   1. Why cyber security matters in construction
   2. What do cyber incidents cost construction firms?
   3. Aim and Scope
   4. Proportionality and risk
2. Understanding cyber security basics
   1. What is cyber security?
   2. Cyber security vs IT security
   3. The construction sector’s unique cyber risk profile
3. The current threat landscape
   1. Ransomware
   2. Phishing emails
   3. Business email compromise (BEC)
   4. Dark web and credential theft
   5. Insider threats
   6. Supply chain vulnerabilities
   7. Assessing threats: ease, likelihood, and impact
   8. Secondary impacts of cyber incidents
   9. Real-world examples: cyber incidents and their impacts
4. Core defence measures
   1. Cyber Essentials (and Cyber Essentials Plus)
   2. Strong authentication and access control
   3. Defences against phishing and BEC
   4. Data and device protection
   5. Backup strategy
   6. Dark web monitoring
   7. Supply chain security
      1. Cyber Security checklist for construction projects
   8. Site-specific measures
   9. Quick wins
   10. Measuring effectiveness
   11. Common pitfalls to avoid
5. Building cyber awareness and culture
   1. Staff cyber security training
   2. Phishing simulations and practical exercises
   3. Embedding a ‘report, don’t blame’ culture
   4. Creating and using a clear cyber security policy
      1. A simple cyber security policy: what to include
   5. Leadership and culture
   6. Measuring awareness and culture
   7. Common pitfalls to avoid
6. Testing, monitoring and continuous improvement
   1. Penetration testing
   2. Vulnerability scanning versus pen testing
   3. Security Operations Centres (SOCs)
   4. Centralised logging and visibility
   5. Regular audits and reviews
   6. Continuous improvement
   7. Measuring success
   8. Common pitfalls to avoid
7. Responding to incidents and recovering quickly
   1. Preparing for incidents: incident response planning
   2. Incident response in practice
   3. Disaster recovery and DRaaS
   4. Legal, regulatory and communications considerations
   5. Post-incident review and learning
   6. Common pitfalls to avoid
8. Building a sustainable cyber security strategy
   1. Making the business case for cyber security
   2. Building a practical cyber security roadmap
   3. In-house vs outsourced cyber security: choosing the right model
   4. Using external support effectively
   5. What makes a strategy sustainable
   6. Common strategic pitfalls to avoid
   7. Senior management checklist: building and maintaining cyber security
9. Conclusion and next steps
   1. A practical action plan
   2. Embedding cyber security into everyday business

References

Further reading

About the Author

CIOB Members

CIOB members can access Technical Information Sheets for FREE and receive a 20% discount on our Codes and Guides. Your discount codes are in the members’ portal. ↗ If you experience difficulties accessing the portal, contact lis@ciob.org.uk.