Cyberattacks are running rampant right now. It’s like a competition between the bad actors. My guess is you already knew this, likely because your company may have experienced it firsthand. If you haven’t, well, you are lucky. Very lucky. As 2025 continues to unfold, construction companies must prepare for a future that will require greater cybersecurity. New programs have already gone into effect for defense contractors.
Where Have We Been?
First, let’s examine what we are currently up against. The BCI (Business Continuity Institute) launched its BCI Update Series: Cyber Resilience Report 2024 last year, and the numbers are staggering, but, candidly, not surprising.
Cyber threats have increased, with 75% of respondents reporting a rise in attempted breaches and 39.4% falling victim to a successful cyberattack. There are many attack vectors to consider such as multiple different types of phishing and ransomware.
Ransomware, which emerged as the third most disruptive type of cyberattack to affect businesses in 2024, is identified as the top threat for more than 90% of organizations in the next five years. The challenge is nefarious characters are getting smarter, as these attacks have become more complex, leveraging sophisticated social engineering attempts on senior management. The main causes of cyber incidents were employees opening malicious links, out-of-date software, and using weak credentials.
AI (artificial intelligence) comes into play on both sides of this cyber war. AI is helping craft attacks and deepfake technology is now able to make an attack appear credible. While AI can be a foe, it can also be a friend in the cyber war. AI can help companies with threat detection, ultimately identifying vulnerabilities, alerting to threats sooner.
Where Are We Going?
Looking to the future, the global cybersecurity market is poised to grow. Fortune Business Insights suggests the market is projected to grow from $193.73 billion in 2024 to $562.72 billion by 2032, which is a 14.3% growth rate.
Perhaps one of the biggest challenges is 92% of surveyed organizations have cybersecurity skills gaps in more than one business area. As cloud computing, AI and ML (machine learning), continue to advance, this gap will continue to grow.
What is needed is greater awareness, education, and learning across all organizations. As such, the U.S. DoD (Dept. of Defense) has established the CMMC (Cybersecurity Maturity Model Certification) program in order to verify contractors have implemented required security measures necessary to safeguard federal contract information and controlled unclassified information.
What exactly does this mean? It means the department aims to confirm a defense contractor or subcontractor has implemented security requirements, and the rule will be updated as needed to address evolving cybersecurity standards, requirements, threats, and other changes.
This builds on the November 2010, Executive Order 13556 Controlled Unclassified Information. In 2019, the DoD announced the development of CMMC to move away from a self-attestation model of security. The new rule went into effect on December 16, 2024.
The DoD has relied on security suggestions from the NIST (National Institute of Standards and Technology), which offers guidance on cybersecurity standards. The DoD estimates 8350 medium and large entities will be required to meet CMMC Level 2 C3PAO assessment requirements as a condition of contract award.
Whether you are a defense contractor or a custom homebuilder, the bottomline is cybersecurity will be a big priority in 2025. Have you given thought to how you will approach it in the year ahead?
Want to tweet about this article? Use hashtags #construction #IoT #sustainability #AI #5G #cloud #edge #futureofwork #infrastructure #cybersecurity