Why leading homebuilder companies have a responsibility to help secure supply chains against cyber threats

Working with suppliers is an essential part of any business yet, an attack on even just a single supplier can compromise others in that same supply chain. Cyber threats increasingly target supply chains across homebuilder businesses in the construction sector and a 2023 survey stated that concern is growing.

Cyber threats come in a variety of forms, according to expert Martin Wilson, Police Detective Inspector and Head of Student Services at NEBRC (North East Business Resilience Centre). The most common threats to supply chains are phishing attacks, malware and ransomware attacks, man-in-the-middle (MitM attacks), software and hardware compromise through third-party vendors and insider threats.

Why is the homebuilder industry particularly vulnerable?

The sheer size and variety of suppliers used within a project leaves homebuilder businesses exposed, creating a greater need for collaboration to better secure the industry. With the UK construction industry forecast to reach £476.6 billion in revenue by 2027, huge sums of money may left vulnerable. Other factors include:

1. Complex Supply Chains: Homebuilding involves a vast network of suppliers, subcontractors, and service providers. Each link in the chain can be a potential entry point for cyber attackers. The complexity and interdependence of these supply chains make it challenging to ensure robust cybersecurity measures are consistently applied.
2. High-Value Targets: Large homebuilder organisations handle significant financial transactions, sensitive customer data, and proprietary designs and plans. This makes them attractive targets for cybercriminals seeking financial gain or valuable information.
3. Resource Constraints: Smaller suppliers and subcontractors often lack the resources or expertise to implement strong cybersecurity measures, making them easier targets and weak links in the overall security of the supply chain.
4. High-Volume Transactions: The homebuilding industry deals with numerous high-value financial transactions, including large payments to suppliers, subcontractors, and service providers. This makes it a lucrative target for cybercriminals seeking financial gain through fraud or theft.
5. Critical Infrastructure: Homebuilding is often part of broader critical infrastructure projects. Disruptions to these projects can have significant economic and societal impacts, making them targets for politically motivated cyber attacks.
6. Project Timelines and Deadlines: Homebuilding projects often operate on tight deadlines. Cyber attacks that disrupt schedules can cause substantial delays and financial losses. Attackers may exploit this urgency by demanding ransoms or leveraging disruptions to gain concessions.
7. Proprietary Information: The industry relies on proprietary designs, blueprints, and innovative construction techniques. Cybercriminals may target this intellectual property for theft or sabotage, seeking to gain competitive advantages or sell the information on the black market.
8. Remote Work and IoT: The increasing adoption of remote work and Internet of Things (IoT) devices in construction sites and offices introduces new vulnerabilities. Remote access tools and IoT devices can be less secure, providing additional entry points for cyber attackers.
9. Supply Chain Dependencies: Homebuilders rely heavily on a diverse array of suppliers and subcontractors. Any compromise within the supply chain can have a cascading effect, impacting the entire project. Cyber attackers can exploit weaker links in the supply chain to gain access to larger targets.

What can businesses do to better secure their supply chain?

According to the 2024 Cyber Security Breaches Survey, “31% of businesses and 26% of charities have undertaken cyber security risk assessments in the last year – rising to 63% of medium businesses and 72% of large businesses”. In addition, just over one in ten businesses (11%) review cyber risk for their immediate suppliers but, only 6% review the wider chain.

Martin Wilson, Detective Inspector and Head of Student Services at NEBRC comments: “You might think an attack on a smaller supplier brand is “not your problem” however, any breach within your supply chain puts you at a greater risk. Investing time and resources into securing your supply chain is essential, looking deeper into not just your own business but, reviewing all stakeholders too.

Martin continues: “Set a minimum standard of cybersecurity which you expect others in your supply chain to follow. Get it stipulated into contracts, and ensure it is maintained. Good examples include government certifications such as cyber essentials, which are often mandated in public sector supply chains. Don’t be afraid to ask to see copies of the relevant documentation to ensure that the security meets your standard.”

“Also, not all of your suppliers are equal. Some might have more access to your data than others, so consider taking a deeper dive into their security and maybe less scrutiny of other suppliers who only have very little access to data.”

All businesses within the home building sector, regardless of size, should be implementing their cyber security measures to protect against and prevent cyber attacks. Both large and small businesses can be supported by the local business resilience centres, with smaller organisations often benefiting from larger corporations who often have greater resources to pay for upgraded services.

If you would like to read more stories like this, then please click here