Cyber Insurance for Construction in Switzerland

Swiss construction firms are rapidly digitalising with BIM, cloud project management and connected machinery — and becoming prime targets for invoice fraud and ransomware.

Invoice fraud (BEC) BIM data theft Project management system ransomware Subcontractor supply chain attacks
Typical damage
CHF 100,000 – 2,000,000
Cyber Insurance for Construction in Switzerland

Cyber Insurance for Construction in Switzerland

The Swiss construction industry is in the midst of a comprehensive digital transformation. Building Information Modelling (BIM), cloud-based project management, connected construction machinery and digital tendering platforms have become standard practice. Yet while the industry embraces digitalisation for efficiency and competitiveness, it remains significantly behind other sectors in cybersecurity preparedness — a gap that cybercriminals are increasingly exploiting.

Why Construction Is Particularly Exposed

The Swiss construction sector generates over CHF 60 billion annually and employs approximately 340,000 people. Despite this scale, the industry lags behind in cybersecurity maturity for several structural reasons:

Complex supply chains. A typical construction project involves dozens of subcontractors, architects, engineers, quantity surveyors and suppliers. Each partner represents a potential point of entry for attackers. Project data is frequently exchanged via unsecured channels such as email attachments or shared cloud folders with weak access controls.

Invoice fraud (BEC). Construction is one of the industries most heavily targeted by Business Email Compromise globally. Large invoice amounts, numerous subcontractors, time-critical payments and the sheer volume of financial transactions create ideal conditions for fraud. Swiss general contractors handling multi-million-franc projects are particularly attractive targets.

BIM data sensitivity. 3D building models contain far more than architectural details. They include information about security systems, access controls, cable routing, structural vulnerabilities and technical infrastructure — highly sensitive data, especially for government buildings, data centres and critical infrastructure.

Mobile workforce. Construction workers, site managers and project leaders operate from multiple locations with mobile devices, often connecting to unsecured networks on construction sites.

Top Three Threats

1. Invoice Fraud via Business Email Compromise

Attackers compromise email accounts of project managers or financial controllers and intercept legitimate invoices from subcontractors. They substitute the bank details and forward the manipulated invoice for payment. Because construction projects involve frequent high-value payments and multiple parties, the fraud often goes undetected for weeks. Individual losses of CHF 200,000–800,000 are common.

2. Ransomware Disrupting Project Operations

Ransomware that encrypts project plans, cost calculations, scheduling data and ERP systems can bring a construction firm’s entire operation to a halt. Site logistics, material procurement and payroll all depend on these systems. During a multi-week outage, construction sites operate at reduced capacity, causing cascading delays across all active projects.

3. BIM Data Theft and Espionage

Stolen BIM models of sensitive buildings — banks, government facilities, data centres — expose security-critical information that can be exploited for physical intrusion or sold to competitors. The cost of redesigning security systems and replacing already installed infrastructure after a BIM data breach can easily reach CHF 500,000–1,500,000.

Typical Scenario: Invoice Fraud on a Zurich Office Development

A general contractor in Zurich manages the construction of a CHF 38 million office complex. Attackers compromise the email account of a site project manager and monitor communications for three weeks, learning the project’s payment patterns and subcontractor relationships.

They intercept a legitimate invoice of CHF 540,000 from a facade subcontractor, replace the bank details with their own account in Eastern Europe, and forward it to the accounts payable department with a note explaining a “bank change due to restructuring.” The payment is processed normally.

The fraud is discovered two weeks later when the subcontractor sends a payment reminder. By then, the funds have been transferred through multiple jurisdictions and are irrecoverable. Including legal costs, forensic investigation and insurance excess, the total loss amounts to approximately CHF 590,000.

A cyber insurance policy for Swiss construction firms should include:

  • Cyber fraud / BEC — coverage for losses from manipulated invoices and fraudulent payment instructions
  • Business interruption — revenue loss during outages of project management, ERP and scheduling systems
  • Project data recovery — costs for restoring lost plans, calculations, BIM models and documentation
  • Third-party liability — claims from project owners for data loss, delays or security compromises
  • IT forensics — investigation of network intrusions, email compromises and data exfiltration
  • Contractual penalties — coverage for late-delivery penalties caused by cyber incidents
  • Subcontractor/supply chain risk — protection against attacks that enter via partner organisations
  • Crisis communication — informing project owners, partners and, where necessary, authorities

Premium Indication

For a small Swiss construction firm or specialist trade (10–50 employees), annual cyber insurance premiums typically range from CHF 1,500 to CHF 5,000. Mid-sized general contractors (100–300 employees) should expect premiums of CHF 5,000 to CHF 18,000. Large construction groups handling critical infrastructure projects may require premiums of CHF 20,000 to CHF 60,000, depending on project values, subcontractor networks and existing security measures.

Protect Your Business — Request a Quote

Construction projects involve large sums, complex partnerships and tight deadlines — conditions that cybercriminals actively exploit. Whether you are a general contractor, an architecture firm, a civil engineering company or a specialist subcontractor, a tailored cyber insurance policy is an essential part of your project risk management.

BTAG Versicherungsbroker AG in Bern understands the challenges of the Swiss construction sector. As an independent broker, BTAG finds the right cyber insurance for your business — whether you build residential developments, commercial complexes or critical infrastructure.

Request a no-obligation quote today and protect your projects, your partners and your business from cyber risks.

Have questions about cyber insurance?

Our partners at BTAG are happy to advise you — free and with no obligation.

Learn more Or calculate your costs first
35+
Years of experience
8+
Insurers compared
100%
Independent
FINMA
FINMA registered

A service of BTAG Versicherungsbroker AG, Bern — independent advice since 1990.

BTAG Versicherungsbroker AG Mitglied SIBA FINMA Register-Nr. 12229
Contact us →