A System-Based Proposal to Improve Cybersecurity in Construction Organisations

Abstract

This study investigates the critical cybersecurity vulnerabilities in construction organizations that manage sensitive project data. The primary weakness identified was reliance on consumer-grade digital tools and single-factor authentication, which exposed the organization to phishing attacks, credential compromise, and unauthorized data access. Although prior research has highlighted the risks of digital transformation in the construction sector, a clear gap remains in the practical integration of unified cybersecurity platforms into operational workflows. A System Development Life Cycle (SDLC) methodology was adopted to evaluate existing security processes, identify system deficiencies, and define technical requirements. Based on this assessment, the study proposed the structured implementation of Microsoft 365 Business Premium as a centralized cybersecurity framework. Key components included AI-driven email threat protection via Defender for Office 365, secure cloud governance through OneDrive and SharePoint, and enforcement of multi-factor authentication. The findings indicate that transitioning from fragmented “Shadow IT” practices to an integrated enterprise-level security environment significantly reduces the likelihood of account compromise and enhances operational transparency. The study offers a scalable, practical framework for strengthening data protection and safeguarding decision-making integrity in construction organizations. Implementing enterprise-grade cybersecurity controls is essential to sustaining client trust and ensuring project continuity in an increasingly digital operating environment.