Construction companies preparing bids for high-profile projects may be a cyberattack target, a lawyer has warned.

If a breach takes place, it is critical to understand the motives behind an attack, Ian Birdsey, a partner at Pinsent Masons who heads up the law firm’s global cybersecurity and cybercrime team, told Construction Week.

Hackers may want to steal intellectual property, commit invoice fraud, or obtain valuable information about a high-profile project and pass it on to a rival, he said.

“It might be that the construction company is working on a very high-profile project [that is] at the bid stage. It might be that a competitor from another country is competing and [the cyberattack] might be to obtain inside information,” he said. 

Pinsent Masons has handled “hundreds and hundreds” of cybersecurity cases so far, according to Birdsey, who spoke to Construction Week after Italian oil and gas contractor Saipem suffered a cyberattack on 10 December, 2018. 

In the event a hack is identified, compliance with the law is critical, Birdsey said.

“You need to understand and comply with all regulatory notification obligations. For example, [the company] might be regulated by a state regulator and so it may have a statutory or regulatory notification obligation. It might have contractual notification obligations.

“We’ve dealt with a number of incidents where it’s a purely financial motive and the attacker is trying to perpetrate an invoice fraud,” he added.

“You might try to target individuals in the finance team, a junior employee, or even a director. You could try to launch what’s known as a 'man-in-the-middle' attack, where [hackers] essentially change bank details within the process to divert money to [their] bank account.”

“What we see is that the legal issues are at the core of breach responses; so, it’s really important to have legal at the heart of the response to deal with all the kind of issues that arise out of a data breach or security incident.”