Many think of October as a month for cooling weather, spooky decorations and trick-or-treaters. But for an architecture firm, it’s also a great time to think about cybersecurity. Since 2004, October has been celebrated nationally as Cybersecurity Awareness Month, a time when government and industry leaders come together to address the risks posed by cyber attacks.

Cyber risks in architecture, engineering, construction and other related design fields are growing. This Cybersecurity Awareness Month, ensure your firm is protected against three of the biggest risks impacting architects. Here’s what to know.

How Architects Are Impacted

In recent years, cyber attacks have acquired a reputation for impacting large multinational corporations and critical infrastructure. Even so, it is the professional services sector that continues to rank first for cyber claims.

In a study examining over 5,800 claims, almost 20% came from professional services businesses, costing the firms involved a total of $229 million. Architecture firms large and small have not escaped unscathed.

Due to large transactions, high-value data and easy-to-access systems, a number of firms have been hacked in recent years. Notable examples include Zaha Hadid Architects, Weir Group and Royal Bam Group in the UK, Solid Bridge Construction and Parker-Hannifin Corporation in the US, and Bird Construction in Canada.

3 Key Architecture Cyber Risks

Cybersecurity risks can be complex and the threats are constantly evolving. The methods a hacker employs often depends on the goals of an attack. The following are currently some of the top risks for firms in the architecture industry.

1. Ransomware

Ransomware is a type of malware that involves a demand for ransom. This is a particularly dangerous type of cybercrime and unfortunately, it’s become very common.

Ransomware works by installing malicious code on a computer or network when you download an infected email attachment, click a malicious link or visit a fraudulent or compromised website. The software is programed to lock up the files on your device and display a screen with instructions for paying a large ransom with the promise of returning your files.

Unlike other cyber threats that cast a wide net, ransomware tends to be targeted to specific businesses in industries with valuable private data, including architecture. Paying the ransom offers no guarantee your files will be returned and past attacks have ended with data being publicly exposed anyway.

To protect against ransomware, it’s important to:

  • Train for awareness and prevention
  • Secure computers and networks
  • Avoid actions that could download malware
  • Create regular, redundant backups of all data
  • Store backups separately from primary systems

2. Business Interruption

Business interruption is an event that results in a business’s normal operations being brought to a halt. This often happens suddenly and without warning, making it all the more disruptive.

Until recently, a business interruption was typically the result of a fire or flood. But now, firms must worry about one being caused by a cyberattack. Cyber-related business interruptions can be caused by hacks, data loss, malware, ransomware and more. Without normal access to their email, apps or files, most modern businesses will struggle to run.

Business interruption can be unintentional. System break-ins, data theft and ransom demands often result in a work stoppage. However, interrupting operations is sometimes the goal of an attacker, for reasons such as sabotaging a particular project, costing a specific company punitive sums of money or harming business relationships and reputations.

To protect against business interruption, it’s recommended to:

  • Develop a cyber incident response plan
  • Implement robust network security tools
  • Train personnel on the most common threats
  • Improve IT patch and maintenance processes

3. Funds Transfer Fraud

Funds transfer fraud is a kind of targeted online wire fraud, involving the misappropriation and theft of large sums of money.

Funds transfer fraud happens when a cybercriminal inserts themselves into communications facilitating a transaction involving a large sum of money. Examples include mergers and acquisitions, real estate transactions, construction escrow transactions, legal settlements and more.

This scam is dangerous because of the sums of money involved and the considerable difficulty getting the funds back, especially when they are quickly wired overseas.

To protect against funds transfer fraud, it is imperative to:

  • Follow current best practices
  • Focus on personnel training
  • Follow set procedures consistently
  • Verify everything before sending funds

How to Further Protect Your Firm

As a design professional, a cyber attack can be a frightening scenario to consider. Hacks, delays and fraud hit hard in a field like architecture. But taking the right steps during this Cybersecurity Awareness Month can help minimize your risk.

Along with following the best practices to protect against ransomware, business interruption and funds transfer fraud, make sure your firm is protected with the right insurance.

The Cyber Liability coverage offered by Lockton Affinity Architect + Engineer is designed to protect your firm from the costs associated with a cyber attack if hackers do somehow get through your defenses.

To learn more about the coverage options available from Lockton Affinity Architect + Engineer, visit us online at or call 888-425-7011.