Abstract
Cybercrime has become one of the biggest challenges for project managers in the modern era of digital data platforms. Although this form of managing data is effective, the study shows that it poses new challenges, top of which is cyber-attack. The researcher was interested in explaining effects of cybercrime on project managers in the United Arab Emirates’ construction sector. The project relied on secondary data collected from books, journal articles, and reliable online sources. The findings show that cybercrime is becoming increasingly common in the country, and mega projects have become prime targets for these criminals.
When a project is attacked, some of the effects include delays, cost inflation, distorted information, and discord between the project manager and other stakeholders in the project. The effects of the attack often depend on the scale and intention of the criminal involved. The study has identified different steps that project managers should consider to ensure that such eventualities are planned for and necessary countermeasures are put in place to minimize the effect.
Introduction
Cybercrime has become one of the major concerns for organizations across the world irrespective of their size. According to Carvalho (2015), information technology has introduced new ways of managing data in an organizational setting. In the past, data would be captured, processed, and stored in paper files. The process was time-consuming, it was always difficult to retrieve, and share critical information needed to make quick decisions. Cases of lost or destroyed files were common and sometimes officers had to go through the cumbersome process of developing new files. The emergence of the digital data platform effectively addressed most of the weaknesses associated with paper files. Collecting, processing, storing, retrieving, and sharing of data was made simple and more reliable.
Departments within a company would share important files simultaneously regardless of their physical locations. Kloppenborg (2015) explains that one of the main challenges that have emerged when using the digital data platform is cyber-attack. Techno-savvy criminals have developed ingenious ways of hacking into databases of companies and government institutions to have access to critical data for various reasons. Audretsch, Link, and Walshok (2015) argue that some of these cybercriminals are driven by pure greed. They gain access to these databases with the primary intention of stealing from the organization. Others are driven by malicious intention of causing harm to the organization because of either revenge or any other reason that they may have.
In project management, the use of digital data has become an essential approach to managing information. Project managers find it easy monitoring project activities in real time to understand the progress and issues that may require immediate attention. The United Arab Emirates has been sponsoring mega construction projects over the past decades, and such costly projects require close supervision (Oxford Business Group 2014). The project manager may not always be present at all the sites all the time to monitor the progress made by different teams. Digital data platform offers them a perfect opportunity to supervise these projects right from their office. The emerging problem of cybercrime has had negative consequences on project management.
The project manager is expected to make critical decisions that would define how different activities are to be undertaken. They have to rely on accurate data on different aspects of the project, from funding, to the parties involved in different activities, and the progress that has been made. When data that they use to make decisions on the project implementation is manipulated, it is easy to make wrong assumptions and actions that may have devastating consequences on the project. In this report, the researcher seeks to investigate effects of cybercrime on project managers within the UAE’s construction sector. The following are the objectives that guided this study:
- To identify the underpinning principles and concepts of major large programs delivery.
- To analyze and evaluate topical issues in large program delivery.
- To appraise various sectors and propose how they can improve on their program delivery.
- To undertake some creative analysis and thinking.
Justification of the Topical Issue Identified
The United Arab Emirates’ construction industry has been booming over the past decades. The public-private partnership approach that the country has embraced, and the booming tourism and petroleum industries have helped in attracting foreign investors from different parts of the world. According to Kogon, Blakemore and Wood (2015), some of the mega construction projects in the country are worth billions of dollars, such as the Burj Khalifa, which is currently the tallest building in the world. Those who invest in these projects expect to get the promised value at the right time and within the predetermined budget.
As such, managers of these projects are often under immense pressure to deliver. They have to ensure that every activity is done based on the initially developed plan and that, cases of cost inflation and delays are eliminated at these stages. The problem emerges when they are forced to work with manipulated data. They may end up making a costly mistake because of the wrong information presented to them. Some of these criminals would steal funds from the project, making it difficult to complete it using the remaining resources.
The study seeks to analyze cause, effect, and ways in which this problem can be solved. The construction sector has played a major role of transforming this country into one of the leading tourists and investors destinations in the world (Bhattacharya, Kripalani & Amrith 2015). As such, it has to be protected from criminals who may have selfish ambitions at the expense of the taxpayers or investors. The report will help these managers to understand the nature of the problem and the way it can be detected as early as possible. It also explains the need to have a backup database that is not accessible to cybercriminals who have perfected the process of breaching firewalls meant to protect online database. The goal is to ensure that the practice of implementing construction projects in the country is not adversely affected by the problem data theft or manipulation.
The model relevant to this topic is the contingency theory. It holds that there is no optimal way to make organizational decisions when managing a project, and as such, the best cause of action should depend on external and internal forces that the entity faces (Carvalho 2015). When managing major projects, it is common to have cases where the team relies on a standard approach of making decisions and dealing with crisis that might emerge.
However, this theory advises that flexibility is critical in such cases. The team should be ready to adjust its standard way of operation depending on the prevailing circumstances. When there is a cyber-attack, it may be necessary to have a way of responding that is relevant to the related problem. The unpredictability approach to management emphasized by this model makes it difficult for these criminals to predict how the team would react to their actions. As such, their control over these projects after the initial attack may be limited.
Literature Review
The previous chapter has provided the background information to this study. In this chapter, the focus is to review findings that have been made by other scholars in this industry. According to Nicholas and Steyn (2017), the goal of every researcher should always be to address the existing knowledge gaps, inconsistencies, or controversies in a given field. That goal can only be achieved if the researcher takes time to review the existing literature. The review also helps in eliminating cases where already existing information is duplicated in the study. Cybercrime has become one of the main concerns in the modern society where digital data management has gained popularity. Scholars have conducted studies to find ways of addressing this problem. However, Tan and Perleth (2015) argue that cyber-attacks are still common and they are becoming very costly to companies and government entities around the world, which means that a lasting solution is yet to be found.
The use of technology in managing data of mega projects has gained popularity over the recent past as organizations struggle to cut costs, improve efficiency, and lower the duration that it takes to complete these projects. According to Pauleen and Wang (2017), project managers are often under pressure from project sponsors to ensure that they achieve the promised value at the lowest cost possible and within the promised duration. Working under such a demanding environment means that mistakes cannot be tolerated, especially when making managerial decisions. They have to be precise and that can only be the case when they are working with reliable data.
Motives of Cybercriminals
Project managers should understand the primary motives of cybercriminals every time they decide to gain an unauthorized access to the database of a mega project. According to Wang and Rafiq (2014), one of the main reasons, why such criminals hack into databases is to steal from the organization. Pure greed has seen many public and private institutions lose their resources to these criminals. In the past, Carvalho (2015) explains that these criminals had to use guns and risk their lives to gain physical entry into their targeted companies to steal from them. However, the trend has changed with the emergence of sophisticated technologies.
These criminals no longer need to make physical entries into their targeted organizations. Instead, they are currently using their cyber-skills to manipulate digital data and transfer huge sums of money into their accounts electronically. Understanding this motive would help the project manager to put in place measures that would protect project’s resources.
Sabotage is another common motive that some of these cybercriminals have when launching such attacks. The Middle East has been largely affected by the Arab Spring, which has led to the emergence of terror groups such as ISIS (Oxford Business Group 2014). Some radicalized groups such as al Qaeda have also been in existence in this region for over the last two decades. These groups have political ambitions and they have openly supported some political parties in the past. These terrorists have the potential of planning and executing attacks against major state projects when they feel dissatisfied with the regime. It is difficult to predict when they would strike or the project they would target, but when they do, their primary intention is always to cause destruction by crippling the project. They can steal the resources or just cause chaos that would make it almost impossible to implement the project plan.
The third group of cybercriminals is often driven by the desire to steal crucial data on behalf of another organization. Pica (2015) explains that these individuals may not intend to sabotage the project in any way. Their desire may be to steal a unique design that a competitor may use in undertaking a similar project. In other cases, they may be interested in understanding a unique model that a project manager is using to undertake a mega project with great success. Some of them may be acting on behalf of international spy agencies because of different reasons. It may not be easy to detect activities of these cybercriminals because their actions do not affect the normal implementation of the project in any way. However, measures should be taken to limit their ability to have access to critical databases.
The last group of cybercriminals is individuals who are just testing their cyber-skills with no clear intentions. The majority is young college students or recently graduated. They are not sure what they intend to achieve by such actions but they find the temptation irresistible. They may just have access to the database but do nothing further because they lack specific goals. Carvalho (2015) warns that these criminals may pose a major threat when they realize that their actions can generate them some income. Along the way, they may develop interest of stealing resources of the firm or selling the stolen data to interested third parties. As such, project managers should not underestimate the threat they pose to the success of the project.
Alignment of the Major Program Topical Issue to the Transport Sector
The effect of cybercrime on project managers was aligned to the construction sector in the United Arab Emirates because of the significance of the industry to the country’s economic development. The UAE has had one of the most impressive economic growths in the region over the last two decades. The government, working closely with the private sector, has succeeded in diversifying the economy because of major investment in the sector.
Tourism, real estate, transport, and even the oil and gas sectors all rely on the construction sector. This critical sector of the country’s economy has been under attack of cybercriminals over the past few years. As discussed above, these criminals have varying intention, but their activities often have crippling effect on the progress of a given project. As such, the researcher considered it appropriate to focus on this critical sector with the aim of developing ways of protecting it from the effect of cyber-attacks.
Methodology
Effect of cybercrime on project managers is a sensitive and relevant topic to local stakeholders in the construction industry within the United Arab Emirates. Local and foreign investors are coming to the country because of the trust they have in the economy. Project managers have to ensure that they do not erode the trust. As such, the problem of cybercrime has to be addressed effectively. In this study, it was important to gather reliable data that would help in making policy recommendations to all the stakeholders involved, especially the project managers. In this section of the report, the researcher explains data sources, the approach used to analyze it, and challenges faced in the process of collecting and processing data in the study.
Data Sources
When conducting research, Pruzan (2016) explains that one of the major steps that have to be defined is how to collect data. Factors such as time, availability of different data, and nature of research question should be considered. In this case, the researcher used secondary data. Information used in this report was obtained from books, journal articles, and reliable online sources. According to Sekaran and Bougie (2016), it is always desirable to collect primary data from a sample of respondents to help address the identified gaps in the study. However, sometimes it may not be possible to do so because of many challenges that a researcher may face. In this case, time was the main issue, as discussed in the research constraints section of this chapter. The researcher had to rely on secondary data sources to ensure that the study is completed within the stipulated period.
Data Analysis
Once data has been collected from various sources, the next step is to conduct an analysis. The information has to be processed to ensure that it addresses research question and objectives. As Pruzan (2016) notes, the method of data analysis is often defined by the topic of the study and the nature of the research question. This study focused on explaining effects of cybercrime on project managers. The most appropriate research design was considered qualitative research method. It allows a researcher to go beyond using statistical figures to provide a detailed explanation of a given issue. This method allowed the researcher to explain causes, effects, and ways of mitigating cybercrime in mega construction projects in the country. It also makes it possible to provide a detailed solution that project managers in this sector can use to address the problem.
Research Constraints
It is important to acknowledge that the researcher faced some challenges when conducting this study. Sekaran and Bougie (2016) observes that discussing research constraints help in identifying strengths and weaknesses of the study. The main challenge that the researcher faced was the limited time that the project had to be completed. It was desirable to interview project managers in the construction sector within the country to understand the challenges they face and the way they are dealing with the problem of cybercrime. However, that would have required a lot of time that was not available in this study. As such, the study did not use primary data but instead relied on secondary sources. To ensure that this weakness did not address the outcome of the study, the researcher was keen on selecting reliable secondary data sources that helped in answering the research question.
Results and Discussions
The researcher used data from secondary sources to understand the effect of cybercrime on project managers. It was possible to provide a detailed narrative explanation of how this problem affects major construction projects and individuals trusted to manage them using qualitative research design. In this section of the report, the researcher provides key findings and themes that emerged from the analysis. The identified themes directly respond to the research topic in the study.
Key Findings and Research Themes Identified
When conducting a qualitative research analysis, it is always advisable to present research findings in the form of themes. This approach makes it easy to understand critical issues relating to the issue under investigation (Fangel 2018). In this case, the researcher classified themes identified in the analysis into two classes. They include effects that cybercrimes have on the projects and that on individual project managers who have to address the mess.
Effects on Construction Projects
Cyber-attacks can have devastating consequences on the progress of a project. According to Rogers (2016), every time a hacker gains an unauthorized access to a given database, their main motivation is to achieve selfish goals that may affect the ability of the stakeholders to complete their tasks within the right time and at the predetermined budget. The following are some of the main effect on a project to a data breach, which are presented in the form of themes.
Cost inflation is the most common consequences of data breach to any given project. As explained in the section above, one of the main goals of these cybercriminals is to steal from their targeted organizations. When their target is a given major construction project, they would target its resources. They can do this by directly hacking into the bank accounts and transferring huge sums of money to their accounts. Every time they steal from money meant for the implementation of the project, it forces the management to inject additional resources to help complete the project (Schwalbe 2015). They can also steal or disrupt important designs that may force the management to spend more resources on developing it once again. The overall outcome is that the overall cost of the project will go beyond what the management had planned at the inception of the project.
Delay is another problem that is often associated with the problem of cybercrime. Some hackers are only interested in disrupting the design of the project or inhibiting effective communication among stakeholders involved. When such criminals succeed in manipulating the design of a construction project, it forces stakeholders involved to redesign it once again, which is a time-consuming process (Kloppenborg 2015).
Such changes may require the approval of the sponsor and other relevant authorities. When the hackers disrupt communication system, it may take longer for project managers to coordinate their team and ensure that specific tasks are undertaken at the right time. Depending on the magnitude and frequency of such attacks, various activities may be delayed, leading to a significant delay in the completion of the project. Huemann (2016) warns that every time the project is delayed, chances are high that the overall cost will also be increased.
Unplanned change in the original design of the project is another common problem associated with cybercrime. According to Pica (2015), some of the major construction projects are often conducted in secrecy because of their nature. Such cases are common when undertaking a construction project related to the ministry of defense or internal security. The design of such structures must remain a secret to ensure that criminals cannot plan a successful attack that security forces cannot counter effectively. It means that if hackers successfully gain access to these designs even when the construction is already in progress, it may be necessary to change the entire design for security purposes (Rogers 2016). It may mean demolishing parts of the structure in line with the new design. Such a problem would lead to an increase in the cost and time within which the project will be completed.
Unauthorized access to designs and models used in the project is another major issue that is associated with hacking. It costs millions of dollars to develop architectural designs of mega structures in the country (Kloppenborg 2015). It is unethical for third parties to have access to such expensive designs without paying anything for it. Sometimes the aim of these criminals is to steal these designs and sell them to other developers keen on cutting the cost of the design. As Carvalho (2015) observes, such an action is an injustice to the owner of the design who had to pay for the cost of the construction.
Effects on Project Managers
Project managers are often affected negatively by activities of cybercriminals in different ways. Huemann (2016) explains that as the head of these projects, the manager has the sole responsibility of ensuring that all the planned activities are completed within the right time and at a specific cost. They are responsible for the project sponsors and have to address all the concerns of stakeholders who have an interest in the project. Internally, they are expected to address issues that may arise in the project and provide guidance in cases of crisis. It means that every time there is an issue that affects the progress of the project, they are always at the center of such a crisis. The following are some of the major effects that cybercrime has on project managers.
The inability to control and coordinate activities in the project is one of the common challenges that these managers face. Under normal circumstances, project managers rely on internal communication system to monitor the progress of the project and to offer guidance to different units undertaking various activities in the project. Some of these hackers often target the internal communication system within the organization (Gao, Chai & Liu 2018).
When that happens, it may be challenging to coordinate internal activities within the project. Sometimes the manager may not have access to regular progress reports that would enable them to know the steps taken by different units. The communication system may be so distorted that controlling and coordinating project activities may become complex, especially when the manager has to resort to traditional approaches of communication and supervising activities within the project.
Lost trust and loyalty is another issue that a project manager may have to deal with in cases of cyber-attack. In the construction sector, trust is a major factor that all stakeholders value. As Nicholas and Steyn (2017) observe, most of these projects are worth millions or even billions of dollars. As such, an individual entrusted with these projects must be trusted to be competent and able to deliver on the promise in terms of time and cost of the project.
Every time a project suffers an attack, it demonstrates lack of capacity of those in charge to do their job. The weakness may not be on the part of the project manager, but as the head of the program, he is likely to bear the blame. The manager has to explain to the sponsors and other top officials why such an undesirable event happened. Every time the incident happens, the trust will be lost. Potential sponsors may withdraw their investments or donations from projects whose managers have questionable reputation. According to Nicholas and Steyn (2017), project managers must understand that their reputation lies in the ability to protect their programs for possible attacks by hackers.
Inability to make accurate decisions is another major concern that project managers are faced with whenever their programs are attacked by cybercriminals. The decision that a manager makes is based on the information that is made available to them. When the information is manipulated by hackers, it is possible that they can make decisions with catastrophic consequences. In the construction sectors, activities must be conducted systematically, where one task can only be taken when a related one has been completed. When the manager is presented with a wrong data, it is possible for them to approve a task at a wrong time.
Such decisions may result in massive loss of construction materials and a waste of time. It is advisable for these managers to use multiple channels of communication and supervision to avoid such crucial mistakes. Having a contingency plan may help manage negative effects of an attack.
Inability to communicate with project sponsors and owners may be another issue that the manager may face in cases of an attack. A manager is responsible for providing a regular update of the progress in the project, challenges that are emerging, and any relevant issue that may affect completion time or nature of the project (Pauleen & Wang 2017). These managers rely on digital data platforms to update different stakeholders about these issues. They can easily communicate with the sponsor and other stakeholders on issues that affect their project. When the communication platform is compromised, it may not be easy for these stakeholders to share information in a seamless way.
Synthesis of Findings and Critical Analysis of Facts
Findings of this study show that cyber-attack is a common problem that many companies in the United Arab Emirates face in their operations. These criminals are now targeting major projects where they can steal a significant amount of money or designs that can be sold to unscrupulous developers or other interested third parties. The study was specifically interested in the impact of cybercrime on project managers. Although the sponsor may be forced to bear the burden of financial losses associated with such attacks, the image of the project manager may be affected. A critical analysis of the data obtained from the investigation shows that consequences to the manager might be long term.
According to Huemann (2016), it often takes a lot of time and effort for one to win trust of investors to be trusted with the position of a project manager. However, such trust can easily be lost when issues such as a cyber-attack significantly affect the project. Winning tenders for similar projects in future may not be easy. These negative effects have been discussed in details in the section above.
A cyber-attack may have numerous negative consequences on a project and the manager. However, Schwalbe (2015) argues that it has some benefits worth noting. A cyber-attack offers a perfect learning curve for a project manager. When it happens, it creates a crisis that may require practical skills to manage. The project manager should consider it a perfect opportunity to learn. They will be learning on how to address the problem of communication breakdown. They will also have the opportunity to learn how to deal with cases of data manipulation when handling an important project. Such practical lessons may be helpful for the manager in addressing future challenges in other similar projects.
Major crisis that would arise from a cyber-attack also makes it possible for the manager to test the resilience, reliability, and skills of the employees assigned different responsibilities in the project. In the current competitive business environment, it is important to assemble a team of highly skilled workers who can be trusted to deliver good results under extreme conditions. The problem is that at the time of hiring these workers, one cannot precisely determine the capacity of these employees Kloppenborg (2015). It is common to find cases where people exaggerate their capabilities in their testimonials. When a crisis strikes, the project manager would have a perfect opportunity to test their core competencies and select a team of workers that should be included in future project. One of the issues that would be tested is the skill of the employees.
Those who are working in the IT department should have the capacity to neutralize an attack as soon as it detected. If they find it difficult addressing the concern, it may be a sign that the project manager has a team of incompetent IT experts who may need to be replaced. The willingness of the employees to spend extra hours at work is another area of interest for the manager. Under such strenuous conditions, sometimes employees may be expected to spend extra hours at work to recover the loss. On the one hand, the manager will learn how to convince employees to give an extra effort at work. On the other hand, they will have the opportunity to test the willingness of the workforce to go beyond the normal expectations to achieve the desired goals. It would allow the manager to select a team of committed workers for future projects.
The attack may also offer the project manager a perfect opportunity to test the system used in managing data within an organization. An effective data management system should alert relevant officers of a breach the moment it happens. Huemann (2016) explains that some of the modern systems would develop a report of such incidences, explaining the location, the target of the attack, and any other relevant information even if the breach was not successful. It makes it easy to take countermeasures. When the attack happens, the project manager will have the opportunity to learn about the weaknesses of the current system and measures that can be taken to strengthen it. Some of these criminals have developed a sophisticated approach to breaching data security in a way that they cannot be detected. In such an eventuality, it would be a demonstration of the need for the project manager to improve the capacity of the company.
Conclusions and Way Forward
Cybercrimes often have devastating consequences on major projects in the construction sector and those who are trusted to manage them. The consequences range from cost inflation, delays, and change of project design to lost trust and challenges in coordinating activities of the project. However, the researcher strongly believes that although such incidences are undesirable because of their negative consequences, project managers should consider them learning opportunities. Cybercriminals should not always be successful in their attacks. When these managers learn how to strengthen their data management systems every time there is any form of an attack, it would be guaranteed that these institutions would be protected from actions of these criminals.
The real tragedy would be a case where these criminals use the same approach to conduct successful attacks within an organization. As the study shows, every time a cybercrime affects operations of a project, the trust that sponsors have on the project manager would be reduced. The verdict of the researcher is that findings of this study are true based on the information collected on the secondary sources. The researcher agrees with the findings of the study based on personal knowledge and data from different sources. The following recommendations provide the way forward to project managers and future scholars in this field:
- Project managers should consider hiring sophisticated hackers to try to gain unauthorized access to the database before the initiation of the project. It would help to identify weaknesses that may be exploited by criminals.
- Major construction projects should have contingency plans, including an additional database and a communication platform, which are not vulnerable to a cyber-attack.
- In cases of attack, project managers should remain proactive and able to migrate to the alternative platform to avoid negative consequences.
- Such cases of attack should be considered learning opportunities that would improve service delivery.
Reference List
Audretsch, B, Link, A & Walshok, M (eds) 2015, The Oxford handbook of local competitiveness, Oxford University Press, Oxford.
Bhattacharya, J, Kripalani, C & Amrith, SS 2015, Indian and Chinese immigrant communities: comparative perspectives, Anthem Press, London.
Carvalho, L (eds) 2015, Handbook of research on internationalization of entrepreneurial innovation in the global economy, Cengage, New York, NY.
Fangel, M 2018, Proactive project management: how to make common sense common practice, Van Haren Publishing, Zaltbommel.
Gao, Y, Chai, W & Liu, Y 2018 ‘A review of knowledge management about theoretical conception and designing approaches’, International Journal of Crowd Science, vol. 2, no. 1, pp.42-51.
Huemann, M 2016, Human resource management in the project-oriented organization: towards a viable system for project personnel, Routledge, New York, NY.
Kloppenborg, T 2015, Contemporary project management: organize, plan, perform, 3rd edn, Cengage Learning, Stamford, CT.
Kogon, K, Blakemore, S & Wood, J 2015, Project management for the unofficial project manager: a Franklin covey title, BenBella Books, Dallas, TX.
Nicholas, J & Steyn, H 2017, Project management for engineering, business, and technology, 5th edn, Taylor & Francis, New York, NY.
Oxford Business Group, 2014, Report: Abu Dhabi 2014, Oxford University Press, Oxford.
Pauleen, D & Wang, W 2017, ‘Does big data mean big knowledge? KM perspectives on big data and analytics’, Journal of Knowledge Management, vol. 21, no. 1, pp.1-6.
Pica, M (ed) 2015, Project life cycle economics: cost estimation, management, and effectiveness in construction projects, Taylor & Francis, New York, NY.
Pruzan, P 2016, Research methodology: the aims, practices and ethics of science, Springer, Cham.
Rogers, D 2016, The digital transformation playbook: rethink your business for the digital age, Columbia Business School Publishing, New York, NY.
Schwalbe, K 2015, Information technology project management, 8th edn, Cengage Learning, London.
Sekaran, U & Bougie, R 2016, Research methods for business: a skill-building approach, John Wiley & Sons, Chichester.
Tan, A & Perleth, C (eds) 2015, Creativity, culture, and development, Springer, London.
Wang, C & Rafiq, M 2014, ‘Ambidextrous organizational culture, contextual ambidexterity and new product innovation: a comparative study of UK and Chinese high-tech firms’, British Journal of Management, vol. 25, no. 1, pp. 58–76.