Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Brazil Builder Bondholders Burned by Bribery Allegations
October 22, 2014 —
Paula Sambo and Sabrina Valle – BloombergBrazil’s biggest construction companies are leaving bondholders with losses in the wake of allegations they bribed Petroleo Brasileiro SA to win contracts.
Queiroz Galvao SA’s $700 million of notes due 2019 have dropped 2.5 percent since Oct. 9, when the Department of Justice made available video in which former Petrobras head of refining Paulo Roberto Costa alleged that builders formed a cartel to overcharge for projects and divert money to politicians. OAS SA’s $875 million of 2019 notes have slumped 1.9 percent in that span, versus a 0.1 percent loss for emerging markets.
Ms. Sambo may be contacted at psambo@bloomberg.net; Ms. Valle may be contacted at svalle@bloomberg.net
Read the court decisionRead the full story...Reprinted courtesy of
Paula Sambo and Sabrina Valle, Bloomberg
Hawaii Supreme Court Reaffirms an "Accident" Includes Reckless Conduct, Finds Green House Gases are Pollutants
November 18, 2024 —
Tred R. Eyerly - Insurance Law HawaiiAnswering certified questions from the federal district court, the Hawaii Supreme Court reaffirmed its prior holding that reckless conduct is an "occurrence' or accident. The court further held that green house gas (GHG) emissions were pollutants under liability policies. Aloha Petroleum, Ltd. v. National Union Fire Ins. Co. of Pittsburg, PA., et al., 2024 Haw. LEXIS 179 (Haw. Oct. 7, 2024). [Disclosure - our office was co-counsel on an amicus brief in this case filed on behalf of the United Policyholders].
The City and County of Honolulu and the County of Maui sued several fossil fuel companies, including Aloha Petroleum, Ltd., for climate change-related harms. The suits alleged that the fossil fuel industry knew beginning in the 1960s that its products would cause catastrophic climate change. Rather than mitigate their emissions, defendants concealed their knowledge of climate change, promoted climate science denial, and increased their production of fossil fuels. Defendants' actions, the complaints alleged, increased carbon emissions, which caused significant damage to the counties.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
Co-Housing Startups Fly in the Face of Old-School NYC Housing Law
December 18, 2022 —
Amelia Pollard & Diego Lasarte - BloombergA room in an eight-bedroom Bed-Stuy brownstone with “charming views.” A five-bedroom “modern Manhattan” home. In a housing market as hot as New York City’s, these units advertised on co-housing companies’ websites sound promising. According to the city’s housing regulations, however, neither is legal.
That hasn’t stopped companies from offering the rooms, as renters clamor for affordable living space. With the average studio apartment in Manhattan going for nearly $3,100 a month, newcomers to the city often find living with multiple roommates to be their best affordable-housing option. It’s a trend that startups have jumped on, and one some experts endorse as a way to quickly scale up affordable housing — even though municipal housing laws aren’t on board yet.
The reality is that in many cities, housing laws that limit the number of unrelated individuals in a dwelling are still in place. New York, for instance, doesn’t allow more than three unrelated people to live in the same unit. To be sure, New Yorkers often break that law, as expensive housing forces people to find roommates through friends or on sites like Craigslist. But multimillion-dollar companies breaking that law is new.
Reprinted courtesy of
Amelia Pollard, Bloomberg and
Diego Lasarte, Bloomberg Read the court decisionRead the full story...Reprinted courtesy of
Utah’s Highest Court Holds That Plaintiffs Must Properly Commence an Action to Rely on the Relation-Back Doctrine to Overcome the Statute of Repose
August 20, 2018 —
Shannon M. Warren - The Subrogation StrategistEarlier this summer, in Gables & Villas at River Oaks Homeowners Ass’n v. Castlewood Builders LLC, 2018 UT 28, the Supreme Court of Utah addressed the question of whether the plaintiff’s construction defects claims against the general contractor for a construction project were timely-filed, or barred by the statute of repose. In Utah, the statute of repose requires that an action be “commenced within six years of the date of completion.” The plaintiff alleged that its 2014 amended complaint naming the general contractor as a defendant was timely-commenced because, before the date on which Utah’s statute of repose ran, a defendant filed a motion to amend its third-party complaint to name the general contractor as a defendant, and the defendant subsequently assigned its claims to the plaintiff. The plaintiff argued that the filing of its 2014 amended complaint related back[1] to the date of its original complaint. The Supreme Court disagreed, holding that an action is “commenced” by filing a complaint and that a motion for leave to amend does not count as “commencing” an action.
Read the court decisionRead the full story...Reprinted courtesy of
Shannon M. Warren, White and Williams LLPMs. Warren may be contacted at
warrens@whiteandwilliams.com
Affirmed: Insureds Bear the Burden of Allocating Covered Versus Uncovered Losses
September 28, 2017 —
C. Lily Schurra & K. Alexandra Byrd – Saxe Doernberger & Vita, P.C.The Second Circuit recently affirmed a district court decision that an insured bears the burden of establishing what portion of a jury verdict constitutes covered damages1.
The case arose out of claims for property damage resulting from construction defects in a homebuilding project. The homeowners fired the construction manager, J. Barrows, Inc. (“JBI”), who then sued the homeowners in state court for unpaid fees (the “Underlying Action”). The homeowners counterclaimed, alleging breach of contract and negligence. JBI’s commercial general liability insurer, Harleysville Worcester Insurance Company (“Harleysville”), agreed to defend JBI under a reservation of rights.
Reprinted courtesy of
C. Lily Schurra, Saxe Doernberger & Vita, P.C. and
K. Alexandra Byrd, Saxe Doernberger & Vita, P.C.
Ms. Schurra may be contacted at cls@sdvlaw.com
Ms. Byrd may be contacted at kab@sdvlaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Contractor Given a Wake-Up Call for Using a "Sham" RMO/RME
October 02, 2015 —
Steven M. Cvitanovic & David A. Harris – Haight Brown & Bonesteel LLPTwo weeks ago we wrote about a disgorgement case winding its way through the courts where a contractor who let its license lapse after assigning its contract to a related but properly licensed entity was still facing disgorgement of the entire contract amount. Judicial Council of California v. Jacobs Facilities, Inc. (Ct. of Appeal, 1st App. Dis., Div. One, A140890, A141393.)
Now another disgorgement case, Jeff Tracy, Inc. v. City of Pico Rivera (Ct. of Appeal, 2nd App. District, Div. 2, B258563), shows the risk of not having a genuine RMO/RME. The consequences of disgorgement are potentially devastating and would certainly cause some contractors to go belly-up. The good news for the contractor in this particular case is that the Court of Appeal reversed the trial court. The bad news for the contractor is that damaging facts were revealed during the process of the court trial that will make a victory very difficult to pull off.
Reprinted courtesy of
Steven M. Cvitanovic, Haight Brown & Bonesteel LLP and
David A. Harris, Haight Brown & Bonesteel LLP
Mr. Cvitanovic may be contacted at scvitanovic@hbblaw.com
Mr. Harris may be contacted at dharris@hbblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Connecticut’s New False Claims Act Increases Risk to Public Construction Participants
April 02, 2024 —
Fred Hedberg & William Stoll - Construction Law ZoneAfter several decades, Governor Ned Lamont signed a bill into law, effective July 1, 2023, An Act Concerning Liability for False and Fraudulent Claims, Public Act No. 23-129, eliminating language that previously limited enforcement of Connecticut’s False Claims Act to claims relating to a state-administered health or human services program. The revisions dramatically expanded potential liability under the False Claims Act, allowing both private citizens and the Attorney General to bring actions under the Act in any context, including the construction industry. Consequently, contractors, subcontractors, suppliers and design professionals on public construction projects in Connecticut must be familiar with this newly enacted law and take steps to reduce the risks of doing business on such projects.
Reprinted courtesy of
Fred Hedberg, Robinson & Cole LLP and
William Stoll, Robinson & Cole LLP
Mr. Hedberg may be contacted at fhedberg@rc.com
Mr. Stoll may be contacted at wstoll@rc.com
Read the court decisionRead the full story...Reprinted courtesy of
