Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Traub Lieberman Partners Lenhardt and Smith Obtain Directed Verdict in Broward County Failed Repair Sinkhole Trial
September 03, 2019 —
Michael Francis Lenhardt & Burks A. Smith, III - Traub LiebermanOn Tuesday, July 16, 2019, Traub Lieberman Partners Michael Lenhardt and Burks Smith won a Directed Verdict at trial in a dispute over Sinkhole Loss coverage in Broward County Circuit Court. The lawsuit arose out of a claim for Breach of Contract involving an alleged “failed repair” of a 2005 sinkhole at the insureds’ property. The Plaintiffs argued that their Policy Limits did not apply because the carrier allegedly undertook the subsurface repairs, relying on Drew v. Mobile USA Ins. Co., 920 So.2d 832 (Fla. 4thDCA 2006). The Plaintiffs asserted that because the insurance company allegedly hired the below ground repair company, a “new contract” was formed, and the Plaintiffs should be entitled to limitless repairs to their home, notwithstanding the Policy Limits. This argument obviously presented the carrier with very significant exposure.
Attorneys Lenhardt and Smith provided a vigorous defense for the insurance company at trial, during which they presented the jury with evidence that the carrier did not, in fact, hire the subsurface repair company. They further established to the jury that the insureds actually signed a contract with the repair company directly, and that the defendant did not invoke the Our Option repair clause of the Policy. After the Plaintiffs rested their case, Mr. Lenhardt and Mr. Smith moved the Court for entry of a directed verdict. The defense argued to the Court that the Plaintiffs could not prove their case to the jury based upon the facts presented as a matter of law, thus entitling the insurance company to a defense verdict.
Reprinted courtesy of
Michael Francis Lenhardt, Traub Lieberman and
Burks A. Smith, III, Traub Lieberman
Mr. Lenhardt may be contacted at mlenhardt@tlsslaw.com
Mr. Smith may be contacted at bsmith@tlsslaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Just Because You Caused it, Doesn’t Mean You Own It: The Hooker Exception to the Privette Doctrine
March 06, 2023 —
Garret Murai - California Construction Law BlogWe’ve written before about the Privette doctrine, which establishes a presumption that a hirer of an independent contractor delegates to the contractor all responsibility for workplace safety. In other words, if a general contractor hires a subcontractor, the subcontractor is solely responsible for the safety of its workers.
There are two major exceptions to the Privette doctrine. The first, the Hooker exception, holds that a hirer may be liable when it retains control over any part of the independent contractor’s work and negligently exercises that retained control in a manner that affirmatively contributes to the worker’s injury. The second, the Kinsman exception, holds that a hirer may be liable for injuries sustained by a worker of an independent contractor if the hirer knew, or should have known, of a concealed hazard on the property that the contractor did not know of and could not have reasonably discovered and the hirer failed to warn the contractor of the hazard.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Nomos LLPMr. Murai may be contacted at
gmurai@nomosllp.com
Do Not Forfeit Coverage Under Your Property Insurance Policy
February 22, 2021 —
David Adelstein - Florida Construction Legal UpdatesIf you have read prior articles (see
here and
here as an example), then you know that when it comes to first-party property insurance policies, an insured must comply with post-loss obligations in the policy. Failure to comply with a post-loss obligation gives the insurer the argument that the insured materially breached the policy and, therefore, forfeited rights to coverage. Naturally, this is avoidable by ensuring post-loss obligations are complied with, ideally under the guidance of counsel and qualified public adjusters to ensure your rights are being preserved and maximized.
[W]hen an insurer has alleged, as an affirmative defense to coverage, and thereafter has subsequently established, that an insured has failed to substantially comply with a contractually mandated post-loss obligation, prejudice to the insurer from the insured’s material breach is presumed, and the burden then shifts to the insured to show that any breach of post-loss obligations did not prejudice the insurer.
Universal Property & Casualty Ins. Co. v. Horne, 46 Fla.L.Weekly D201b (Fla. 3d DCA 2021) quoting American Integrity Ins. Co. v. Estrada, 276 So.3d 905, 916 (Fla. 3d DCA 2019).
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin Norris, P.A.Mr. Adelstein may be contacted at
dma@kirwinnorris.com
In Pennsylvania, Contractors Can Be Liable to Third Parties for Obvious Defects in Completed Work
July 10, 2023 —
Michael L. DeBona - The Subrogation StrategistIn Brown v. City of Oil City, No. 6 WAP 2022, 2023 Pa. LEXIS 681 (2023), the Supreme Court of Pennsylvania (Supreme Court) recently held that a contractor can be liable for dangerous conditions it creates even if the hazard is obvious or known by the property owner. In City of Oil City, the City of Oil City (Oil City) contracted with Harold Best and Struxures, LLC and Fred Burns, Inc. (collectively Contractors) to reconstruct the concrete stairs to the city library. Contractors completed their work at the end of 2011. In early 2012, Oil City received reports of issues with the stairs. Oil City notified Contractors that it considered the stairs dangerous and that Contractors’ defective workmanship created the condition. Neither Oil City or Contractors took any action to fix the stairs or warn of the danger and the stairs’ condition worsened with time.
On November 23, 2015, David and Kathryn Brown exited the library. Kathryn Brown tripped on one of the deteriorated steps, falling and striking her head. Kathryn suffered a traumatic head injury and passed away six days later. The Estate of Kathryn Brown and David Brown, individually (collectively, the Browns), sued Oil City as the owner of the library and Contractors. With respect to Contractors, the Browns asserted that Contractors’ work on the stairs created a dangerous condition that presented an unreasonable risk of harm to those using the steps.
Read the court decisionRead the full story...Reprinted courtesy of
Michael L. DeBona, White and WilliamsMr. DeBona may be contacted at
debonam@whiteandwilliams.com
Part I: Key Provisions of School Facility Construction & Design Contracts
May 16, 2018 —
David R. Cook Jr. - Autry, Hall & Cook, LLPWe all expect our school construction projects will go smoothly, on time and under budget. But despite our best efforts, some projects will encounter speed bumps, detours or outright roadblocks. While there are many precautions a school facility manager may take, one of the best precautions is to have solid construction and design contracts.
A good contract will account for the known risks and specify an outcome in favor of the school authority. School construction risks can be categorized into a few categories: performance risk, time risk, cost risk and political risk. Some risks are typical to all construction projects, while others are peculiar to the unique needs of school authorities.
Read the court decisionRead the full story...Reprinted courtesy of
David R. Cook Jr., Autry, Hall & Cook, LLPMr. Cook may be contacted at
cook@ahclaw.com
Court of Appeals Rules that HOA Lien is not Spurious, Despite Claim that Annexation was Invalid
March 27, 2019 —
Jesse Howard Witt - The Witt Law FirmToday, the Colorado Court of appeals reversed a order that had deemed a homeowner association’s lien to be spurious.
The case arose after a developer approved a property owner’s application to annex additional real estate to a community in 1999. Several years later, the developer repurchased the property through a foreclosure sale. Despite its prior approval of the annexation, the developer refused to pay community maintenance assessments, which prompted the association to record a lien under its covenants and a statutory provision of the Colorado Common Interest Ownership Act (CCIOA).
The parties remained in a standoff until 2016, when the Colorado Supreme Court announced two decisions that adopted a stricter standard for annexing property into communities subject to CCIOA. Relying on this new authority, the developer at Stroh Ranch argued that the 1999 annexation was no longer valid. The district court agreed and declared the association’s lien to be spurious.
Reprinted courtesy of
Jesse Howard Witt, Acerbic Witt
Mr. Witt may be contacted at www.witt.law
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
Force Majeure Under the Coronavirus (COVID-19) Pandemic
March 29, 2021 —
Lindsay T. Watkins - Ahlers Cressman & Sleight PLLCAs COVID-19 disrupts work and life as we know it, the question many contractors have is what protections are available against the inevitable project impacts and delays? Generally, construction contracts require a contractor to timely perform work until project completion or potentially face damages (liquidated or actual) and possible termination. When events occur, however, that are beyond our control (such as a national pandemic), it is important to review and understand what contract provisions or avenues are available for potential relief.
- Review Your Contract For A Force Majeure Provision.
A “force majeure” contract provision is commonly included in construction contracts, service agreements, purchase orders, etc. It typically covers events or conditions that can be neither anticipated nor controlled. These provisions, however, will vary greatly from contract to contract and may not include the language “force majeure” but rather may be included in general delay or impact clauses. For example, some common provisions include:
- Washington State Department of Transportation Clause (2018 Standard Specifications for Road, Bridge and Municipal Construction): The Contractor shall rebuild, repair, restore, and make good all damages to any portion of the permanent or temporary Work occurring before the Physical Completion Date and shall bear all the expense to do so, except damage to the permanent Work caused by: (a) acts of God, such as earthquake, floods, or other cataclysmic phenomenon of nature, or (b) acts of the public enemy or of governmental authorities; or (c) slides in cases where Section 2-03.3(11) is applicable; Provided, however, that these exceptions shall not apply should damages result from the Contractor’s failure to take reasonable precautions or to exercise sound engineering and construction practices in conducting the Work.
Read the court decisionRead the full story...Reprinted courtesy of
Lindsay T. Watkins, Ahlers Cressman & Sleight PLLCMs. Watkins may be contacted at
Lindsay.Watkins@acslawyers.com