Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Gilbert’s Plan for Downtown Detroit Has No Room for Jail
October 08, 2014 —
Chris Christoff – BloombergBillionaire Dan Gilbert envisions a vibrant and shiny downtown Detroit, where he owns a casino and about 60 buildings. His urban Eden doesn’t include a jail with 2,000 criminals.
Gilbert is resisting county officials’ plans to restart construction on a half-finished jail mired in cost overruns, criminal investigations and debt. The project, which the Wayne County Commission may revive tomorrow, would replace a complex on land that Gilbert, the 52-year-old founder and chairman of Detroit-based Quicken Loans Inc., offered to buy for $50 million to build a hotel, housing and stores.
The dispute over the jail, which has sat unfinished for 16 months, pits one of Detroit’s most prominent boosters against a county government over how to reinvigorate the city’s heart. Gilbert, whose company is the nation’s largest online retail mortgage lender, has invested $1.3 billion there, betting on the former auto-manufacturing capital’s resurgence after decades of decline that pushed it into a record $18 billion municipal bankruptcy.
Read the court decisionRead the full story...Reprinted courtesy of
Chris Christoff, BloombergMr. Christoff may be contacted at
cchristoff@bloomberg.net
No Coverage Based Upon Your Prior Work Exclusion
October 01, 2014 —
Tred R. Eyerly – Insurance Law HawaiiThe California Court of Appeal affirmed the trial court's determination of no coverage for construction defects based upon the policy's prior work exclusion. Yu v. Landmark Am. Ins. Co., 2014 Cal. App. Unpub. LEXIS 5966 (Cal. Ct. App. Aug. 22, 2014).
Plaintiff was the owner and developer of a hotel. She contracted with ATMI Design Build to act as general contractor to construct the hotel. C&A Framing Company was a subcontractor to provide rough framing for the project. In May 2003, ATMI fired C&A before it had completed all the work required by the subcontract. After May 2003, C&A never returned to the construction site. Notice of Completion for the project was recorded April 15, 2004.
In September 2004, Landmark issued to C&A a CGL policy for the period September 18, 2004 to September 18, 2005. The policy was later cancelled, effective January 14, 2005. The policy contained an endorsement entitled, "Exclusion - Your Prior Work." The exclusion barred coverage for "'property damage' arising out of 'your work' prior to 9/18/04."
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
Scotiabank Is Cautious on Canada Housing as RBC, BMO Seek Action
April 12, 2021 —
Shelly Hagan & Erik Hertzberg - BloombergBank of Nova Scotia, Canada’s third-largest lender, waded into the burgeoning debate over whether Justin Trudeau’s government should take immediate steps to cool the nation’s hot housing market, issuing a report that cautioned against rushing to implement new constraints.
In a report released Sunday, Scotiabank’s chief economist Jean-Francois Perrault said the recent run-up in home prices nationally over the past year was in large part driven by sluggish supply that failed to keep up with higher demand -- a trend that could reverse itself as new sellers enter the market in coming weeks. If the government does decide to take action, it should target housing speculators, he said.
Reprinted courtesy of
Shelly Hagan, Bloomberg and
Erik Hertzberg, Bloomberg Read the court decisionRead the full story...Reprinted courtesy of
4 Ways the PRO Act Would Impact the Construction Industry
October 24, 2021 —
Andrew M. MacDonald - ConsensusDocsThe Protecting the Right to Organize Act (the “PRO Act”) is a proposed law that would dramatically rewrite the National Labor Relations Act (“NLRA”). Breathtakingly broad in scope, the PRO Act targets several longstanding features of existing law perceived by unions and labor activists to be unfair to labor and too favorable to employers. The proposed legislation is essentially a grab-bag of grievances that the labor movement has compiled over decades and sought to change through legislation and before the National Labor Relations Board (“NLRB”) without success in the past.
While the PRO Act would affect virtually all private sector employers, it would alter the labor dynamic in the construction industry in four major ways:
1. Removing the current prohibitions on secondary, jurisdictional, and other forms of picketing. Current law attempts to balance the rights of employers to operate their businesses without unnecessary interference with the rights of unions to protest concerning wages and working conditions. As part of this balancing act, the NLRA prohibits unions from picketing under certain conditions or with certain aims. These restrictions include the prohibition on “secondary” picketing by unions of neutral employers, which are employers with which the union does not have a direct labor dispute, and “jurisdictional” picketing by unions to force an employer to assign certain work to a specific trade or group of employees. The elimination of these restrictions in the PRO Act would have a significant impact on the construction industry.
Read the court decisionRead the full story...Reprinted courtesy of
Andrew M. MacDonald, Fox Rothschild LLPMr. MacDonald may be contacted at
amacdonald@foxrothschild.com
Topic 606: A Retrospective Review of Revenue from Contracts with Customers
October 12, 2020 —
Christopher Sisk & Robert Mercado - Construction ExecutiveThe anticipation has been building regarding implementation of the new revenue recognition standard, known as Topic 606, by private companies. Public companies have reported under Topic 606 since the beginning of 2019. For private companies, the time is now. As of January 2020, private companies became subject to Topic 606 for all entities with a year-end of Dec. 31, 2019, or subsequent. However, with the COVID-19 pandemic affecting businesses across the board, this year any company with a year-end financial statement not yet issued can defer implementation of Topic 606 until the contractors’ next year end that falls after Dec. 15, 2020.
What have we learned about the impact of Topic 606, if any, on construction contractors’ financial statements? The most significant impact relates to the presentation of contract assets and contract liabilities, and the disclosures associated with Topic 606. The recording of what is known as “the cost to fulfill a contract” is another area that has been affected.
PRESENTATION OF CONTRACT ASSET AND CONTRACT LIABILITY
A contract asset is defined in Topic 606 as an entity’s right to consideration in exchange for goods or services the entity has transferred to a customer, conditional on something other than the passage of time.
Reprinted courtesy of
Christopher Sisk & Robert Mercado, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Mr. Sisk may be contacted at Christopher.sisk@marcumllp.com
Mr. Mercado may be contacted at Robert.mercado@marcumllp.com
Read the court decisionRead the full story...Reprinted courtesy of
Coverage for Construction Defects Barred by Business Risk Exclusions
September 01, 2011 —
Tred R. Eyerly - Insurance Law HawaiiAlthough the court determined there was an occurrence, coverage was excluded by the business risk exclusions. See Cont’l W. Ins. Co. v. Shay Constr. Co., 2011 U.S. Dist. LEXIS 82839 (D. Colo. July 28, 2011).
White was the general contractor on the project. White had three subcontracts with Shay to provide framing, siding, and related work on the project. Shay was insured under a CGL policy issued by Continental Western.
Two of Shay’s subcontractors furnished materials, labor and equipment to Shay. These subcontractors filed suit in state court alleging they had not been compensated for the work and materials. White and Shay were named as defendants. White cross claimed against Shay, alleging Shay had breached its obligations under the subcontracts. Several allegations sounded in contract. Other allegations, however, contended Shay had performed defective work and had damaged the work of other trades in correcting deficiencies in its own performance.
Shay sought coverage under Continental Western’s policy. Continental Western filed suit for a declaratory judgment and moved for summary judgment.
Read the full story…
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii. Mr. Eyerly can be contacted at te@hawaiilawyer.com
Read the court decisionRead the full story...Reprinted courtesy of
Amos Rex – A Museum for the Digital Age
September 10, 2018 —
Aarni Heiskanen - AEC BusinessIn the very heart of Helsinki, a new museum is set to open its doors to showcase the art of the future. Amos Rex is an architectural and artistic gem that seeks to make modern art more accessible for people to experience and enjoy.
The construction work for the museum was almost completed when I visited the site in early August. I met with Kai Kartio, an art historian with years of experience as a museum director.
Kartio has been involved in the construction of Amos Rex from the beginning. The forerunner of Amos Rex was the Amos Anderson Art Museum, which was run by the Konstsamfundet foundation for 50 years in its founder’s own building nearby. Anderson was a Finnish newspaper tycoon and patron of arts who bequeathed his estate to the foundation.
Read the court decisionRead the full story...Reprinted courtesy of
Aarni Heiskanen, AEC BusinessMr. Heiskanen may be contacted at
aec-business@aepartners.fi
