Cyber attacks are posing a growing threat to the delivery of construction projects, with ransomware identified as the most disruptive risk to the sector in the UK. Each incident leads to an average of 24 days of downtime, increasing the likelihood of delays and rising costs, according to a new report.

The study, conducted by insurer QBE and Control Risks, finds that the rapid adoption of digital tools, including Building Information Modelling, connected operational technology and artificial intelligence systems, is expanding the sector’s exposure to cyber risk. While these technologies improve efficiency, they also create new entry points for attackers by linking previously separate systems.

QBE is urging construction firms and their partners to integrate cyber risk into project planning from the outset, focusing on governance, supply chain visibility and tested incident response plans.

Neil Fleming, UK construction portfolio manager at QBE, said: “A single ransomware incident can now derail an entire construction programme. When access to drawings, project data or digital platforms is lost, costs escalate, project completion is put at risk and subcontractors feel the knock-on effect immediately.

“Cyber resilience needs to be considered alongside traditional project risks to deliver on time and reduce unforeseen costs. Many construction firms still treat cyber resilience as an IT issue rather than a project risk. Early engagement between clients, brokers and insurers is essential to ensure cyber exposures are properly understood and addressed alongside other construction risks.”

Inadequate segmentation between IT and OT systems was a contributing factor in 81% of OT incidents in 2025, which saw a 410% year-on-year increase in IoT malware activity targeting the construction sector.

Geopolitical tensions are also increasing the risk of cyber attacks, with state-aligned cyber actors increasingly targeting critical national infrastructure and its supporting supply chains.

---