This summer, we have been focusing on the value generative AI (artificial intelligence), powered by LLMs (large language models), is bringing to the construction industry. But as we all know, with opportunity also often comes risk. Perhaps one of the biggest risks to consider is data security. For today’s blog, let’s take a closer look at the risk that exists today—and five ways to create a holistic cybersecurity strategy for your construction company.
According to Cybernews Business Digital Index, 84% of artificial intelligence tools suffered at least one data breach, with 51% facing credential theft. Other concerns are credential reuse and poor hosting configurations.
We also see the Identity Theft Resource Center reports 1,732 public data compromises in the first half of 2025—which is 5% higher than mid‑2024—with cyberattacks responsible for nearly 1,350 of those breaches and more than 114 million compromised records. Attack vectors include phishing, supply-chain compromises, and business email compromises, just to name a few.
What the construction industry ultimately needs is a holistic cybersecurity strategy. Let’s review a few key points to consider.
Governance and controls: There is perhaps no better place to start than with corporate governance. Unmonitored AI use is running rampant right now and employees are often feeding sensitive work data into personal AI accounts. Construction companies need to empower employees with clear guidance for how to leverage AI within the organization.
Technical safeguards: Make sure to put the proper safeguards in place at your construction company including SSL/TLS, hosting security, patching, and more. IT teams need to make sure their systems are as secure as possible.
AI phishing defense: Phishing using AI-generated emails or scam bots is significant—and increasingly effective. Attackers can craft highly personalized messages that outperform traditional methods in click‑through rates. We need to step up email defenses.
Ongoing education: Almost 75% of security leaders consider insiders a greater risk than external threats. Let’s continue to educate our workers. The best offense is a good defense. Let’s be proactive, rather reactive. This starts with good cyber education and hygiene for workers.
Incident preparedness: Conduct regular audits of AI integrations and supply-chain dependencies. Continue to finetune breach response plans as needed.
In this era of artificial intelligence, datasets, models, and workflows are more interconnected—and more exposed—than ever before. Let’s make sure we are considering a layered approach to cybersecurity in construction. We need to combine policy, education, and technology if we want to thrive in an AI-powered world.
Want to tweet about this article? Use hashtags #construction #IoT #sustainability #AI #5G #cloud #edge #futureofwork #infrastructure #cybersecurity #security