
Cybersecurity Isn't A Retrofit—It's A Foundation
For all the boardroom rhetoric about cybersecurity being a priority, it still gets short shrift in new industrial construction. Capital projects often ignore cybersecurity or include it in name only, relegating it to the status of an afterthought, something bolted on after construction. However, retrofitting cybersecurity into a live, connected environment can be expensive, risky and disruptive.
Why does this keep happening? It stems from a gap in the strategic planning phase. Engineers and project teams focus on cost control and schedules, so cybersecurity rarely gets treated like other operational technology (OT) systems in capital projects. Safety officers, for instance, help shape asset design from day one. Cyber experts deserve similar authority because cyberattacks can lead to safety failures that affect people, communities and the environment.
Misperceptions Around Cost And Scope
Some mistakenly assume that integrating cybersecurity early adds cost when the fact is that a security-by-design approach avoids costly retrofits and unplanned disruptions later on. Yet, when capital committees face tight financial scrutiny, they tend to treat anything that feels extra—especially something they don't fully understand—as a threat to the budget. So, if they choose to build in cybersecurity later at a higher cost or skip it altogether and face the consequences, those costs may not show up in the initial budget, but they will show up eventually.
Let's recognize that industrial cybersecurity is about more than protecting data; it's about protecting people, uptime and physical infrastructure. If a cyberattack compromises a valve or a safety mechanism, the results can be catastrophic, including environmental disasters, equipment failure and even loss of life. Although capital teams take these risks seriously, they don't view them as cyber risks.
Framing cybersecurity as a process safety issue changes the conversation. These teams already understand HAZOPs, failure modes and emergency protocols. Cyber fits directly into those same frameworks. It doesn't require a new language; it just requires translating cybersecurity into the language that capital teams already speak.
The Risk Of Assumption
The most dangerous assumption in capital projects is believing that 'someone else' is taking care of cybersecurity. Industrial builds include thousands of interconnected devices and systems from multiple suppliers. If nobody is looking at potential systemwide vulnerabilities, that's an invitation to trouble.
The owners assume the OEMs or the engineering, procurement and construction (EPC) contractor have it covered; the EPC contractor assumes suppliers and OEMs are locking down their equipment. But no one's really checking, and even when they do their part, it only covers one piece of the puzzle. New vulnerabilities are bound to surface once all the components are woven together.
Instead, we should think about protecting systems—including monitoring, asset management and segmentation—and move beyond just ensuring that an individual component is secure. We need shared accountability, where everyone does their part.
Ultimately, the owner must step up because it's their name on the line when something goes wrong. That means defining requirements immediately, embedding them into contracts, enforcing them during commissioning and validating them before handoff.
Bringing Cyber Into The Build
What does it look like to integrate cybersecurity into a capital project? It starts at the top, where your leadership must treat cybersecurity as a safety and reliability issue. When executives make clear that cybersecurity is nonnegotiable, it sets the tone for everyone involved. From there, project teams need a playbook to know where cybersecurity fits.
They need clear expectations: What does being cyber secure mean at pre-FEED, at FEED, at design review, during construction and commissioning and, lastly, handover? Spell it out in familiar terms. Translate cyber milestones into the stages that project teams already plan around. Procurement needs to play a role as well. Cyber requirements must be written into RFPs, contracts and vendor agreements. This includes specs for secure-by-design, clean build protocols and validation procedures.
Training is also essential. Capital teams don't need to become cybersecurity experts, but they do need to understand how cyber affects their world. A construction lead should know what insecure remote access looks like, and a procurement manager should be able to flag risky vendor practices.
Finally, cybersecurity must be verified throughout the project, not just at the end. That means testing during construction, requiring commissioning to include cyber validation and ensuring that the handoff process includes documentation of known vulnerabilities, mitigation measures and accepted risk.
Why Now?
Capital project teams can't afford to treat cybersecurity as tomorrow's problem. Consider the following:
• Attackers now use AI to scan for vulnerabilities, create tailored phishing attacks and automate exploitation at scale. If your adversaries are using AI and you're not, you're already behind.
• Digitalization is expanding the attack surface. OT systems are now connected to the cloud, enterprise systems and each other. Every new IIoT device becomes a potential entry point, and traditional isolation models break down.
• Regulatory requirements and standards around industrial cybersecurity are becoming more stringent. Compliance is becoming table stakes, whether it's the NIS2 Directive in the EU or the NERC CIP regulation in the U.S. Failing to integrate cybersecurity can now mean legal and financial exposure.
• Finally, the market itself is demanding better. Investors, insurers and acquirers scrutinize cybersecurity as part of due diligence. If a new asset isn't secure, it could affect the valuation or even derail the deal.
The Clear Message
The build phase is your one shot at complete visibility and control. After that, complexity explodes and making changes without disruption only gets harder. Waiting until the end isn't just inefficient; it's negligent.
Organizations that integrate cybersecurity from the start will be safer, more resilient and, ultimately, more valuable. So, don't start the discussions after commissioning a project or suffering a breach. Make this front and center, starting at the project's strategic planning stage and the capital committee table, when the stakes and opportunity are greatest.
Because in the age of AI, you can't afford not to build it right.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.