The Constrafor Risk Council is a forum where leading industry professionals provide in-depth perspectives about obstacles and opportunities in risk management for the construction industry. These interactive discussions are led by Adam Wolf, Vice President of Business Development at Constrafor.
Cyber Defenses: The Protocols for Optimal Defense and Protection
Cyber risk is a hot topic and growing concern in the construction industry. With emerging ransomware attacks on big names such as French construction firm Bouygues, Canadian firm Bird Construction, as well as the spear phishing attack on Turner Construction, it’s clear that the construction space is at elevated risk. Industry experts suggest that one reason for the rise in attacks on the industry is the relatively immature cyber defenses in place at many construction firms, combined with a significant rise in the use of technology such as robotics, AI and the Internet of Things. In light of emerging concerns, the U.S. Department of Justice recently launched the Civil Cyber-Fraud Initiative which utilizes the False Claims Act to pursue cybersecurity-related fraud by government contractors, which certainly includes construction firms. A cyber insurance policy is a natural next step – though getting a policy requires considerably more effort than in previous years. Protocols that were acceptable a year or two ago are insufficient today. Many carriers are requiring policyholders to undergo a comprehensive review of corporate processes, safeguards and training to prevent cyber-attacks as a condition of coverage. The good news is that some carriers are also offering to perform an analysis of company protocols and collaborate closely with a firm’s IT team to achieve optimal conditions.
Here’s a few of the basics that must be included in a cyber program:
- Firewalls to prevent attacks
- Near real-time monitoring
- Regular employee training
- Consider hiring a third party firm to conduct a cyber security audit and identify weaknesses.
Construction & Technology
The construction industry has come a long way in the software-as-a-service (SaaS) evolution as construction professionals begin to move from on premises custom built solutions, most with one goal in mind: flexibility. These solutions are easier to deploy and expand with fewer IT resources, are often more robust with ever expanding features and functionality, and have built-in cyber protections. While most are built to automate traditionally manual processes like spreadsheets, thus improving productivity and efficiency, SaaS solutions are also built for data connectivity and data-driven analytics. The two primary categories of software that most contractors use are either an Enterprise Resource Planning (ERP) system or an accounting system; and a project management system. An accounting system handles predominately accounting-related functions such as bookkeeping, accounts payable and receivable, project accounting, etc. An ERP system does all of those things and has components that can help manage HR, inventory, job-costing, payroll, materials procurement and more. Project Management software is designed to help manage all of the communication and documents directly related to physically performing a construction project. It includes things like RFIs, time sheets, work reports, drawings, specifications, project schedules, punch lists and more. Some ERP systems are also now offering Project Management components as part of their packages. Additionally, there are dozens of other pieces of software on the market that plug-in with ERP/accounting systems and project management systems to help provide better connectivity and sharing of information, and to fill in gaps for specific areas that are not fully addressed by ERP/accounting and project management systems. These software solutions are not one-size-fits-all, and require intensive research and due diligence, as each solution offers different services. With a wide range of offerings on the market, GCs must sift through the noise to find the best solution for business needs. Further, the more functions one tool handles, the more complicated it is to use and manage, often requiring additional resources.
Here are the top four concerns to consider:
- Cross Department Value: While finding one solution to meet all the needs of accounting, project management, HR, etc., may not be possible, finding a solution that facilitates seamless data connectivity is possible.
- Range of Capabilities: There may not be a one-fits-all solution for your business needs, but it may be possible to consolidate with a few, well-connected and integrated systems.
- Software Integrations: businesses may have 20+ software solutions they are trying to consolidate as efficiently as possible. Look for a solution that provides robust integrations with your existing software.
- Additional In-House Resources: the most robust software solutions often require a dedicated system manager, requiring additional new hires, sometimes requiring experts in a niche software. Though this may be a non-starter for some businesses, it’s important to weigh the benefit of increased efficiencies and associated cost savings when determining the necessity of a dedicated hire.
Indemnification & Defense in Subcontracts
Legislation in recent years has changed the landscape of indemnity. The fundamental purpose of an indemnity agreement is to protect the holder against costs associated with damages due to a contracted party’s negligence. For instance, the AIA Document A201, “Standard Form of Agreement Between Contractor and Subcontractor,” states that the contractor is responsible for protecting its subcontractors against claims, damages, losses, and expenses, including but not limited to attorneys’ fees. Similarly, the subcontractor is required to indemnify the contractor for all costs and expenses where the subcontractor fails to perform its obligations. The challenge with broad form indemnity clauses is that every state has a different interpretation of indemnity. The Texas legislature allows broad form indemnity is limited to comparative negligence. That means an indemnitor can only require a lower string party to indemnify the upstream party against the consequences of their negligence, to the extent that they caused the property damage or the injury. In Washington, the subcontractor can waive subrogation rights in the event of a loss. A waiver of subrogation must be negotiated in the contract. However, that language has to be in the contract and indicate that it was specifically negotiated and agreed to during the contract negotiation. In California, the indemnitee cannot transfer damages caused by sole negligence or willful misconduct to the indemnitor. Further, there has been some case law that renders some indemnity provisions unenforceable. Review your indemnity provisions to ensure that you use clear and unequivocal language regarding concurrent negligence.
The Road Ahead: Market Forecast and Navigating the Unknown
The construction industry is emerging from the pandemic with a renewed sense of purpose, backed by a somewhat return to normal and considerable federal funding for much needed infrastructure. In the last two years, owners and construction professionals have largely worked together to complete projects despite supply chain issues, workforce challenges and delays related to necessary health and safety protocols. However, the goodwill and collaborative mindset has begun to erode as owners look to get projects back on track.
Here Are Three Tips:
- Communicate: It has never been more important for contractors to communicate with owners regarding ongoing conditions and potential cost escalations.
- Review: Review your contracts and understand stipulations. Many owners are still pushing for pandemic limit language, and in some cases, that language stipulates no or limited liability.
- Educate: For contractors, industry leaders recommend getting project managers involved in the contract review process as well as the associated risk analysis. Many project managers are entirely focused on drawings and specifications—so they don’t understand notice requirements, entitlements and other risk factors that they should be aware of until something goes wrong. Then it’s a scramble to meet the contract stipulations. Not only is the review a great learning opportunity for project teams, but construction leaders have found that when project managers fully understand risks, they make better, more informed decisions throughout a project. Remember, every project manager is essentially running a small business. Every decision made is to reach the end goal of completing a project and ultimately making money. Knowing the details of a contract is an essential component of a successful project and a successful business.
To learn more about how Constrafor can help automate your back office tasks and reduce risk schedule time with an expert here.