Cybersecurity remains a leading concern for contractors and construction executives, according to the 2025 Travelers Risk Index. The annual survey of more than 1,200 business decision-makers found that three out of four respondents in construction said cyber protection is a priority championed by senior management.
The finding underscores how much the industry has shifted in recent years, as contractors rely more on connected equipment, digital project management platforms and cloud-based tools. With more data moving online, construction companies face the same cyber risks as other sectors — from ransomware attacks to breaches that can expose sensitive project or financial information.
At the same time, concern about cyber incidents has eased slightly. This year, 56% of all survey respondents said they worry a great deal or some about cyber threats, down from 62% in 2024 and the lowest level since 2020. Among large companies, the number of leaders who see an attack as inevitable dropped to 62%, compared with 70% last year.
Despite the declining worry, incidents are still on the rise. Twenty-five percent of respondents said their company has already suffered a data breach or cyber event in the past year — the ninth increase in 10 years. Even more concerning: more than one in five companies admitted they had not taken basic protective steps such as installing firewalls, backing up data, enforcing regular password changes or updating software.
Industry experts caution contractors not to grow complacent. Travelers Vice President of Cyber Risk Services Lauren Winchester said staying proactive is critical: “The worst thing a business can do is to become complacent. Don’t stop investing, because the bad actors aren’t stopping.”
For construction firms, where project delays and financial losses can ripple across supply chains, the message is clear: cybersecurity isn’t just an IT issue. It’s a business priority — and leadership buy-in is essential to keeping operations secure.
