
By BJ Gardner, Assistant Vice President of Information Technology
Gone are the days when lumber business owners primarily managed their data in-house. Today, cloud platforms and software tools have blurred the boundaries of who can access a business’s sensitive information, resulting in not just third-party but also fourth- and fifth-party cyber risk exposures. In short, your lumber business’s data is likely now part of a much larger, interconnected ecosystem and, as a result, exposed to commercial cyber risk.
Fortunately, business owners don’t have to be too tech savvy to take steps to protect their business from a cyber event.
A Look at the Risk
While the cyber risk landscape has expanded for business owners in lumber and elsewhere with more sophisticated attacks, two fairly simple cyber threats continue to produce the most insurance claims in our space.
Phishing attacks continue to be the primary entry point for bad actors, who pose as a member of the lumber business and request funds or sensitive information to access a system. Such attacks are becoming more sophisticated with the use of AI, including voice-based impersonation attempts.
Second, the application of ransomware to company systems continues to drive claims in our space. With ransomware, bad actors gain access to a company’s data through malicious software known as “malware”. Where bad actors once simply encrypted the data and restricted a company’s access to it, they are now immediately threatening to release sensitive data to the public.
Whether you are an international financial services company, a major retailer or a neighborhood lumber and building material facility, your business is at risk. Cyber risk is not just a technical issue. It’s a business-wide concern that requires consistent attention.
Prevention Measures Needed for an Effective Cyber Program
As cyber risks continue to evolve, lumber and building materials businesses need a more sophisticated cyber program. From employee training to vendor oversight and response planning, the following strategies can help organizations strengthen defenses and reduce exposure across the business:
- Vendor relationships: Establish clear expectations with vendors. Share security questionnaires and contract requirements. Completed vendor questionnaires and contracts allow business owners to understand how partners store, access and protect sensitive information, while also creating accountability around security expectations before a relationship begins.
- Training: Ongoing employee cyber risk mitigation training is one of the most impactful investments a lumber and building material business owner can make when it comes to protecting their business from cyber risk. When employees can recognize suspicious activity and respond appropriately, they become a critical line of defense against cyber risk rather than a point of vulnerability. Over time, repetition and reinforcement help build a stronger security culture across the organization. Employee cyber training, such as phishing tests, should be held on a monthly, if not weekly, basis. This will give companies an idea of employee awareness and draw attention to team members who may need additional training or to gaps in the training program.
- Additional layers of protection: Regular vendor reviews, penetration testing and cyber risk assessments all play a role in identifying weaknesses before they are exploited. Just as important is preparing for the moment your lumber business does experience a cyber event. Tabletop exercises and disaster recovery testing ensure that teams understand their roles and can respond quickly to limit disruption. Organizations should also implement continuous system monitoring, multi-factor authentication (MFA) and conditional access policies to help block unauthorized access before it reaches critical systems.
Business owners in the lumber space with the most effective programs will adopt a mindset of continuous verification. Approaches like zero trust, along with tools such as multi-factor authentication and conditional access controls, focus on validating every user and every connection before access is granted.
This shift reflects a broader truth about cybersecurity today in our industry and others. There is no single solution. Instead, resilience is built through a combination of awareness, discipline and layered defenses that evolve alongside the threats.
This is also a good time to remember that your team at PLM can serve as valuable partners in helping your business evaluate cyber exposures and identify gaps in your prevention measures. We can also help your organization better understand emerging risks and support stronger cybersecurity planning across the business.
Lumber Memo: Issue 2 – 2026


