Cyber insurance for contractors and construction companies

What is a cyber incident?

The National Cyber Directorate defines a cyber incident as follows: "An occurrence that indicates a possible disruption to the proper functioning of a cyber asset, which there is reason to believe stems from deliberate activity in cyberspace."

For construction companies, a cyber incident can be any damage to company assets including content management systems, websites, emails, smartphones, and the like.

Key Concerns

A primary concern is ransomware attacks. This is malicious software that takes control of data and information with a ransom demand for its removal to "unlock" blocked computers, prevent publication, or any concrete threat according to the victim's activities and/or information in the possession of the criminal entity.

It's important to know that a cyber incident for a construction company can manifest in different ways, not just as ransomware attacks. Construction companies may suffer from various types of malware such as "computer worms," viruses, spyware, Trojan horses, and more.

Cyber attacks on construction companies don't only occur through digital means and sometimes penetrate through other channels like mobile phones and smartwatches. This includes taking control of hardware such as the camera or audio systems of the phone/computer to perform eavesdropping or surveillance.

Construction companies can fall victim to these attacks and find themselves, due to an "innocent" email or even less, subject to blackmail regarding business information about future tenders, information about projects in progress or in planning, customer and resident details, and more.

The Importance of Rapid Response: Managers and executives in construction companies need to know that from the first moment there is suspicion of a cyber attack, it's very important not to delay and to contact a cyber expert as soon as possible. It's necessary to determine whether malware has been planted in the databases, whether due to corporate espionage or as a result of an action by one of the company's employees (intentionally or in good faith). Nowadays, when a significant portion of work is performed remotely, security breaches are many times more numerous (and an opening invites a thief). Cyber attacks are becoming increasingly sophisticated, and it's necessary to keep a finger on the pulse in terms of innovation and technological updates at the level of information security.

What is included in cyber insurance?

Itzick Simon, the leading agency for construction and infrastructure insurance, markets effective cyber insurance that includes not only protection against ransomware attacks but also a wide range of effective coverages and essential services in times of need, for example:

• Compensation for loss of income to the insured following a cyber incident.

• Compensation for recovery after a cyber incident, including through digital data recovery.

• Coverage for cyber expert expenses to diagnose a cyber incident and provide a response with an action plan.

• Coverage against ransom payment following hacker attacks and hostile takeovers.

• Coverage against third-party claims who were affected following a cyber incident at the insured's premises - for example, privacy violations, information leaks, delays in schedules, intellectual property infringement, and more.

What are blackmail and ransom threats?

Extortion and ransom threats are common threats that are largely protected under cyber insurance. Dealing with a ransomware attack through malware infiltration requires both defensive measures to prevent the attack, and of course, an effective solution during the incident. This spans from the initial stages of the attack until its resolution through various means (not necessarily through ransom payment, although unfortunately this solution is common).

Ransomware attacks are typically carried out through malicious ransomware that infiltrates company computers, encrypts files and/or prevents access to information and computing systems. Ransomware uses various techniques to disrupt the normal operations of a construction company. For example, encrypting entire hard disks, preventing access to operating systems, locking screens, encrypting data on computers or servers, PIN locking, and so on.

The malware operator demands a ransom payment from the victim in exchange for releasing the system or not using the information in their possession. The malicious software can infiltrate through various vulnerabilities such as email messages, SMS messages, links on websites, suspicious files, and so on. Payment of ransom demands is typically requested through an untraceable payment system (like cryptocurrency).

Examples of Ransomware Attacks

​Ransomware attacks are a major concern for businesses and organizations, including construction companies and developers. Law enforcement agencies in Israel estimate that ransom demands amount to hundreds of millions of shekels annually. Here are some examples of incidents that have been reported in the media in recent years:

• Atraf – An online dating site fell victim to a ransomware attack in which attackers claimed that all user data and passwords were in their possession. To prove their seriousness, the attackers, identified with Iran (and therefore linked to ideologically motivated cyber terrorism), published explicit details of more than 1,000 users. This while declaring that it was only 1% of the information in their possession. The breach was apparently carried out by breaking into the hosting company of the popular application.

• Shirbit – The insurance company Shirbit fell victim to a ransomware attack whose motives were not fully clarified and was demanded to pay one million dollars in Bitcoin. According to reports, the company refused to pay the fine, despite the attackers publishing extensive data and information.

• Hillel Yaffe Medical Center – In October 2021, hackers breached the computers of Hillel Yaffe Medical Center in Hadera and shut down entire systems for an extended period. The Ministry of Health estimated the cost of data recovery at approximately 36 million shekels.

Why should you purchase cyber insurance through us?

Construction companies have undergone digitization processes in recent years and, similar to all players in the economy, they rely on electronic communication and smart technological means. As a result, they are exposed to digital attacks such as network threats, computer data encryption, business cyber espionage, and more.

The insurance agency Itzick Simon, which has been operating in the construction insurance industry for over 30 years, offers its clients the comprehensive solution for cyber incidents.

We market cyber insurance that will serve as an additional layer in your company's risk management, according to market needs and changing risks. Cyber insurance for construction companies with coverage against ransomware attacks, ransom demands, digital data recovery, computer information theft, causing damage to customers and suppliers, industrial espionage, hacker attacks, and more.

The cyber insurance policy at Itzick Simon Agency is customized according to a careful characterization of the technological means used by the company. The insurance provides protection against a wide range of damages involved in a cyber incident. From loss of income or compensation for recovery and restoration expenses, through coverage for a wide variety of possible damage scenarios, to handling third-party claims resulting from the cyber incident in your company.