Cyberattackers take aim at construction industry

While construction professionals are trying to build, cyberattackers are doing their best to sneak onto the job site—or at least the accompanying IT infrastructure.

The construction industry—a patchwork of partners and contractors, each with varying security controls—gives threat actors multiple options for compromises. For instance:

• An annual report from the Identity Theft Resource Center (ITRC) revealed cyberattacks against the construction industry held steady in 2025. The ITRC calculated 119 total compromises in the US last year—up from 105 in 2024 and 71 in 2023.
• Dragos, in its review of cybersecurity incidents in Q3 2025, called construction “the top manufacturing subsector impacted by ransomware.”
• Cybersecurity company Check Point Software Technologies reviewed cyberattacks in February 2026 and found 1,898 weekly global cyberattacks on average—an increase of over one-third compared to the previous year’s amount.

What’s leading to an increase in hardhat hackers?

Construction is fragmented. Construction projects generally have lots of contractors and subcontractors: plumbers, roofing companies, HVAC, and even IT. These partners potentially require access to project data and payment systems.

On a daily basis, that means a network of architecture, engineering, and general contracting firms interacting on financial systems, creating purchase orders and contracts—a major challenge for an IT pro who wants to enforce a deny-heavy, zero-trust access policy, according to Jeff Sample, IT consultant and senior industry development manager of trades at construction-collaboration platform Bluebeam.

“How do you have zero trust when you’ve got 50, 60, 70 partners that you’re working with on a complex project that’s got to move forward?” Sample said. “It’s really hard to balance that security and still have people have access to the information they need at the time they need it.”

Across all industries in the last five years, major supply-chain and third-party compromises have increased “nearly 4-fold,” according to IBM’s recently released Threat Intelligence Index. The third-party breaches have led to “widespread infiltration, disruption, or data theft.”

Construction is time-sensitive. Complex builds may have strict timelines that can make employees want to address invoices as quickly as possible. A hacker can take advantage of that sense of urgency and power fraudulent transactions with threats like, “Hey, we’re not going to be able to get this material to your site unless I get this invoice paid,” Sample said. (Sample shared recent, spam-heavy email compromises he’s seen in his sector recently.)

Construction has a lot of data and digital tools. Construction companies hold proprietary architectural designs, bid documents, financial plans, sensitive client information, and lots of valuable data that a cybercriminal might be interested in, according to Rapid7 Labs Senior Threat Intelligence Researcher Jeremy Makowski, who wrote about the construction sector’s unique vulnerabilities in November 2025.

“Data is gold for cybercriminals,” Makowski told IT Brew.

What defenses are missing. The pros who spoke with us said construction IT emphasized basic security controls as essential to the construction sector: Multi-factor authentication, network segmentation, anomaly-detection tools, threat awareness training, and clear ownership around processes like who gets to make payments and enforce access changes, for starters.

While sectors like finance and healthcare have long invested in cybersecurity, Makowski argued in his post, many construction firms are just starting to get up to speed on controls: “Legacy systems, limited IT budgets, and a traditional focus on physical rather than digital risks have left gaps in defenses. As a result, attackers often find weaker security controls, outdated software, and unpatched systems, making this sector a prime target.”

And data centers are so hot right now. Fraser Patterson, CEO of Skillit, an AI-supported hiring platform for the construction industry, sees the buildout of expensive data centers driving adversaries toward the sector. Meta announced a multibillion-dollar plan for its massive data centers, and other tech giants like Amazon, Microsoft, and Google are following suit with AI infrastructure buildouts.

“My hypothesis is that construction is becoming atypically visible as a result of the push for compute because there’s so much data center infrastructure being built out, so it’s getting attention from the world in a way that it previously hasn’t,” Patterson said.

Skillit shared data with IT Brew about a rise in cybersecurity, IT support, and systems admin talent entering the construction industry over the past year. According to Skillit, IT-related profiles on the company’s platform reached 976 in the Q1 of this year—up from 350 in Q2 2025.