Illustrative Image: Strengthening Cybersecurity in Construction: Strategies to Protect Project Data from Phishing, Ransomware, and Digital Threats in the Industry 4.0 Era
Image Source & Credit: IETresearch
A recent study by Tambwe et al. (2025), titled “Measures to Address Cyber‐Attacks in Construction Project Data Management Processes: A Cybersecurity Perspective” and published in IET Information Security, reveals that the industry faces escalating risks from phishing, ransomware, SQL injection, malware, insider threats, data loss, and denial-of-service (DDoS) attacks.
“Effective cybersecurity in construction requires combining human awareness, organizational policies, and technical safeguards for robust data protection.” – Tambwe et al. 2025
The study explores the growing intersection of digital transformation and cybersecurity in the construction industry. As the sector embraces Industry 4.0 technologies and increasingly digitizes its project data, it becomes more exposed to a range of cyber threats that can disrupt operations, compromise data integrity, and damage reputations. The research focuses on identifying the cybersecurity threats affecting construction data management, evaluating the protective measures currently adopted by professionals, and recommending strategies to strengthen data security across construction projects. The findings reveal that the industry faces escalating risks from phishing, ransomware, SQL injection, malware, insider threats, data loss, and denial-of-service (DDoS) attacks. These threats not only jeopardize sensitive information but also lead to project delays, financial losses, and reputational damage.
Overall, the study emphasizes that cybersecurity is a vital component of modern construction project management. Technical tools alone are insufficient; human awareness, organizational policies, and compliance with standards are equally crucial. A multi-layered defense strategy, integrating technology, governance, and education, offers the most effective protection. Finally, the research notes that while budget constraints in developing countries remain a barrier to robust cybersecurity adoption, cost-effective alternatives such as open-source tools and cloud-based services can provide practical and scalable solutions to enhance data protection in construction projects.
How the Study was Conducted
The study adopted a quantitative research methodology to evaluate how construction professionals manage cybersecurity risks in project data management. A structured online questionnaire, designed using Google Forms, was distributed through LinkedIn and email to reach professionals across Gauteng Province, South Africa. Participants included quantity surveyors, architects, civil, mechanical, and electrical engineers, IT professionals, construction managers, and project managers, all selected based on their professional experience and affiliations.
To ensure fairness and diversity, a random sampling method was employed, targeting 115 professionals, with 81 valid responses received. The research was ethically approved by the Ethics and Plagiarism Committee of the University of Johannesburg (Approval No. UJ-FEBE-FEPC00246).
Data collected were analyzed using statistical techniques. Respondents rated cybersecurity measures on a five-point Likert scale, and results were converted into Mean Item Scores (MIS) for ranking. Descriptive statistics were used to interpret demographic data, while Exploratory Factor Analysis (EFA) grouped related cybersecurity measures. The Kruskal–Wallis H test was applied to examine differences in perceptions among professional groups, with p-values less than 0.05 indicating statistically significant variations.
Overall, the analysis enabled the identification of the most valued cybersecurity measures and assessed the extent of agreement among various professional disciplines in managing cybersecurity risks in construction project data management.
What the Authors Found
The authors found that effective cybersecurity in construction project data management depends on a multi-layered approach combining staff training, technological safeguards (like encryption and VPNs), and strong regulatory compliance, as human awareness and organizational strategies were found to be just as crucial as technical measures in mitigating cyber risks.
Why is this important
- Safeguarding Sensitive Construction Data: The study underscores the urgent need to protect confidential project information—such as designs, contracts, and client details—from cyber-attacks using measures like encryption, VPNs, and staff training to prevent financial losses, delays, and legal risks.
- Promoting Secure Digital Transformation: By addressing cybersecurity concerns, the study provides a clear roadmap for safely integrating Industry 4.0 technologies—including BIM, IoT, and AI tools—helping construction firms adopt digital innovations with confidence.
- Advancing Affordable Cybersecurity for Developing Economies: It highlights that cost-effective solutions like cloud-based systems, open-source software, and public–private partnerships can enable small and medium-sized firms in developing countries to strengthen cybersecurity without excessive costs.
- Strengthening Human-Centered Security: Recognizing that technology alone is insufficient, the study identifies staff training as the most effective defense, emphasizing the importance of human awareness and a strong organizational security culture.
- Delivering Data-Driven Insights for Strategic Decision-Making: Through rigorous statistical analysis, the research offers evidence-based guidance to help construction firms prioritize the most effective cybersecurity measures and allocate resources more strategically.
What the Authors Recommended
- The authors recommend prioritizing continuous staff training and cybersecurity awareness programs to reduce insider threats and human error. Educating employees on data protection, password management, and phishing prevention is identified as the most effective first line of defence.
- A comprehensive defence strategy should combine technical, organizational, and regulatory measures. This includes deploying firewalls, antivirus software, encryption, VPNs, IDS/IPS, SSL, regular backups, software updates, and aligning with recognized standards such as the NIST SP 800-30 framework.
- To overcome budget limitations—particularly in developing countries—the authors advise using open-source tools and cloud-based services and forming government-private sector partnerships to subsidize training and security initiatives, focusing on low-cost, high-impact actions.
- Organizations are encouraged to include cyber insurance as part of their overall risk management strategy to mitigate potential financial losses from data breaches, ransomware, or system disruptions.
- Furthermore, the study urges construction firms to adopt Industry 4.0 technologies—such as BIM, IoT, and AI—while integrating robust cybersecurity measures that evolve alongside technological advancements, enabling safe and confident digital transformation.
- In addition, recognizing the diversity of infrastructure and expertise across regions, the authors recommend tailoring cybersecurity strategies to local conditions and fostering collaboration among academia, industry, and government to strengthen cybersecurity capacity and resilience.
In conclusion, the study by Tambwe et al. (2025) reinforces that safeguarding construction project data requires more than just advanced technology—it demands a comprehensive, human-centered cybersecurity culture supported by affordable, scalable solutions and continuous collaboration across industry, academia, and government to ensure resilient and secure digital transformation in the construction sector.