Analysis of Cybersecurity Issues in Construction Industry in Digital Transformation

Benjamin O. Uwakweh¹, Ajeka Friday², Opeoluwa Adigun³, & Chukwuemeka Chuka-Maduji⁴¹Department of Built Environment, North Carolina A&T State University, USA. ²Department of Computer Systems Technology, North Carolina A&T State University, USA. ³Department of Computer Systems Technology, North Carolina A&T State University, USA.⁴Department of Computer Systems Technology, North Carolina A&T State University, USA.DOI – http://doi.org/10.37502/IJSMR.2025.8805

FULL TEXT – PDF

Abstract

The construction industry is undergoing a profound digital transformation, driven by technologies such as Building Information Modeling (BIM), Internet of Things (IoT), drones, and 3D printing. While these innovations bring significant efficiency and productivity gains, they also introduce new cybersecurity risks. This study systematically reviews literature and industry reports to identify the most critical cybersecurity threats facing the construction industry, including ransomware, distributed denial-of-service (DDoS) attacks, and supply chain breaches. The findings reveal that ransomware remains the most financially damaging, with significant operational and reputational consequences, while human error and third-party vulnerabilities are the primary amplifiers of breach costs. The paper proposes three strategic mitigation measures—comprehensive employee training, AI-driven threat detection, and centralized security information and event management (SIEM) systems—adapted from the NIST framework to the specific context of construction. The main limitation of this study is its reliance on secondary data, which may not capture rapidly evolving threat landscapes or region-specific risks. Future empirical research should validate and refine the proposed strategies across diverse construction environments. By addressing these vulnerabilities, the construction industry can better secure its digital assets and safeguard critical infrastructure.

Keywords: Cybersecurity, Construction industry, Digital transformation

References

Alessandro Mascellino. (2023). China unleashes AI-powered image generation for influence operations.
Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity version 1.1. National Institute of Standards and Technology.
Benson, V., McAlaney, J., & Frumkin, L. A. (2019). Emerging threats for the human element and countermeasures in the current cyber security landscape. In Cyber law, privacy, and security: Concepts, methodologies, tools, and applications. IGI Global, 1264–1269.
Construction Drive. (2024). Safeguarding the construction industry with effective cybersecurity.
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology Innovation Management Review, 4(10).
Dandaura, E. S. (2015). Cyberspace governance: The imperative for national and economic security. International Conference on Cyberspace Governance: The Imperative for National & Economic Security. https://doi.org/10.13140/rg.2.1.2407.8321
Del Giorgio Solfa, F. (2022). Impacts of cyber security and supply chain risk on digital operations: Evidence from the pharmaceutical industry. International Journal of Technology, Innovation and Management (IJTIM), 2.
Deloitte Global Cyber Threat Intelligence. (2024). Annual cyber threat trend.
Executive Office of the President. (2013). Improving critical infrastructure cybersecurity. Federal Register, 78(33), 11737–11744.
Fouad, N. S. (2022). The security economics of edTech: Vendors’ responsibility and the cybersecurity challenge in the education sector. Digital Policy, Regulation and Governance, 24(3), 259–273.
García de Soto, B., Turk, Ž., Maciel, A., Mantha, B., Georgescu, A., & Sonkor, M. S. (2022). Understanding the significance of cybersecurity in the construction industry: Survey findings. Journal of Construction Engineering and Management, 148(9), 04022095.
Ghelani, D. (2022). Cyber security, cyber threats, implications and future perspectives: A review.
Gorecky, D., Schmitt, M., Loskyll, M., & Zühlke, D. (2014). Human-machine-interaction in the industry 4.0 era. In 2014 12th IEEE International Conference on Industrial Informatics (INDIN), 289–294.
Ham, J. V. D. (2021). Toward a better understanding of cybersecurity. Digital Threats: Research and Practice, 2(3), 1–3.
Hossein Motlagh, N., Mohammadrezaei, M., Hunt, J., & Zakeri, B. (2020). Internet of Things (IoT) and the energy sector. Energies, 13(2), 494.
(2024). Cost of a data breach report.
Khaleefah, A. D., & Al-Mashhadi, H. M. (2023). Methodologies, requirements and challenges of cybersecurity frameworks: A review. International Journal of Wireless and Microwave Technologies, 13, 1–13.
Khurshid, K. et al. (2023). An in-depth survey demystifying the Internet of Things (IoT) in the construction industry: Unfolding new dimensions. Sustainability, 15(2), 1275.
Kim, J. (2017). Cyber-security in government: Reducing the risk. Computer Fraud & Security, 2017(7), 8–11.
Kim, L. (2022). Cybersecurity: Ensuring confidentiality, integrity, and availability of information. In Nursing informatics: Health informatics, interprofessional and global perspective, 391–410.
Lagazio, M., Sherif, N., & Cushman, M. (2014). A multi-level approach to understanding the impact of cybercrime on the financial sector. Computers & Security, 45, 58–74.
Loukaka, A., & Rahman, S. S. (2020). Security professionals must reinforce detect attacks to avoid unauthorized data exposure. Information Technology in Industry, 8(1).
Luna, R., Rhine, E., Myhra, M., Sullivan, R., & Kruse, C. S. (2016). Cyber threats to health information systems: A systematic review. Technology and Health Care, 24(1), 1–9.
Mantha, B. R., & de Soto, B. G. (2019). Cyber security challenges and vulnerability assessment in the construction industry. In Creative Construction Conference, 29–37.
Mantha, B. R., & García de Soto, B. (2021). Assessment of the cybersecurity vulnerability of construction networks. Engineering, Construction and Architectural Management, 28(10), 3078–3105.
Masip-Bruin, X., et al. (2021). Cybersecurity in ICT supply chains: Key challenges and a relevant architecture. Sensors, 21(18), 6057.
Möller, D. P. F. (2020). Cybersecurity in digital transformation: Scope and applications. Springer. https://doi.org/10.1007/978-3-030-60570-4
Mutis, I., & Paramashivam, A. (2019). Cybersecurity management framework for a cloud-based BIM model. In Advances in informatics and computing in civil and construction engineering: Proceedings of the 35th CIB W78 2018 Conference: IT in design, construction, and management, Springer, 325–333
Plėta, T., Tvaronavičienė, M., Della Casa, S., & Agafonov, K. (2020). Cyber-attacks to critical energy infrastructure and management issues: Overview of selected cases. Insights into Regional Development, 2(3).
Qian, X., & Papadonikolaki, E. (2021). Shifting trust in construction supply chains through blockchain technology. Engineering, Construction and Architectural Management, 28(2), 584–602.
(2023). Annual cyber-threat report.
Salami Pargoo, N., & Ilbeigi, M. (2023). A scoping review for cybersecurity in the construction industry. Journal of Management in Engineering, 39(2), 03122003.
Schatz, D., Bashroush, R., & Wall, J. (2017). Towards a more representative definition of cyber security. Journal of Digital Forensics, Security and Law, 12(2), 8.
Shen, L. (2014). The NIST cybersecurity framework: Overview and potential impacts. Scitech Lawyer, 10(4), 16.
Sonkor, M. S., & García de Soto, B. (2021). Operational technology on construction sites: A review from the cybersecurity perspective. Journal of Construction Engineering and Management, 147(12), 04021172.
Stavroulakis, P., & Stamp, M. (Eds.). (2010). Handbook of information and communication security. Springer.
Turk, Ž., de Soto, B. G., Mantha, B. R., Maciel, A., & Georgescu, A. (2022). A systemic framework for addressing cybersecurity in construction. Automation in Construction, 133, 103988.
Uddin, M. H., Ali, M. H., & Hassan, M. K. (2020). Cybersecurity hazards and financial system vulnerability: A synthesis of literature. Risk Management, 22(4), 239–309.