IT Management and Cyber Security for General Contractors

The general contractor job description encompasses every aspect of building construction, whether it is new construction, remodeling, or renovation. General contractor responsibilities include coordinating with subcontractors, managing employees, setting deadlines and budgets, and obtaining appropriate building materials. Contractors must also manage client expectations, troubleshoot the project, resolve emergencies, acquire needed construction permits, and ensure every part of the build is up to code.

general contractor license

Every facet of the general contractor job description involves information, people, other businesses, and government entities. This information is vital, personal, sensitive, and valuable. It must be safeguarded from intruders who would use it for their own gain without thought for the direct harm it would cause the individuals and businesses involved, including the general contractor who is responsible for protecting project information.

IT management and cybersecurity are critically important for the general contractor. Project management for the general contractor encompasses schedules, materials, services, permits, and, most importantly, people. When a cyber-attack steals client, subcontractor, and vendor account information, it hurts people.

Data is the heartbeat of modern business. A data breach can destroy a small company or squeeze the life out of a new business. Insufficient cyber protection is not only highly risky, but it could also be disastrous.

What is the cost of a successful cyber-attack on small businesses?

The impact of a cyber-attack upon a small business will be felt differently than an attack on a large business. The scale of size may mitigate the effects on the larger business even though the actual cost to repair, replace, and a reboot may be vastly more massive than the expense to the smaller business. The damage caused by a breach can put a significant dent in a business’ bottom line. Size does not matter because the attack still inflicts budgetary pain. The intensity and longevity of that pain depend on the nature and extent of the attack, the IT management solutions in place to deal with the catastrophe, and other less noticed impact zones.

According to one source, “The average security breach on a small business will cost about US$38,000, according to a study from Kaspersky Lab. The amount includes the costs of downtime, lost business opportunities and the services the company will need to hire to mitigate the cybersecurity breach. Small businesses pay, on average, about $10,000 in professional services, including the hiring of IT security and risk management consultants, lawyers, auditors, accountants and public relations consultants.”

The effects of a security breach are both visible above the surface and obscured below the surface.

Further delineating the tangential, but profound impacts on small business, the assessment continued, “Downtime costs for smallish businesses hover around $23,000 and lost business opportunities about $5,000. Many of the victims will spend about $8,000 trying to ensure a similar incident doesn’t happen again with investments in new staff members, cybersecurity training for existing employees and making upgrades to its IT infrastructure.”

Estimates are that the direct financial impact on a larger business is even more costly, where the average cybersecurity breach costs about $825,000 which is many times more than the cost for a small business.

While the impact of a cyberattack will be felt differently by small and large businesses, the damage caused by a breach can create a significant dent in a business’ bottom line, no matter its size.

What companies are required to publicly report shapes much of the popular understanding as to the cost and impact of a cyber-attack. Some examples of security breaches that make the news are payment data, personal health information (PHI), and the theft of personally identifiable information (PII). Costs related to customer notification, credit monitoring, and the possibility of legal judgments or regulatory penalties are lower profile, but they are real threats.

Rarely put on public display are instances of data destruction, espionage, intellectual property (IP) theft, attacks on core operations, or attempts to neutralize critical infrastructure. These types of attacks can inflict a more significant injury and lead to additional costs that are more complicated to determine accurately.

The general contractor is an information hub. A successful cyber-attack on this hub is like striking an informational motherload. As the gatekeeper for client, subcontractor, and vendor data, the general contractor has a fiduciary responsibility to protect their data. A managed IT solution is the only and best solution. Will it be an ounce of prevention or a costly pound of cure?

general contractor license

For more information about acquiring a general contractor license or learning how to become a contractor, contact Contractors Reporting Services at (813) 932-5244.