When I was (much) younger, I recall hearing a preacher in church one Sunday say (multiple times), “The road to hell is paved with folks with good intentions.”

I had no idea what he meant, but I was pretty sure it was bad.  I want to borrow his words to describe something I’ve noticed about construction projects:  The road to project hell is often paved with folks with good intentions.

In other words, the seeds of many construction disputes and unprofitable projects often begin with good intentions by the people involved.

At the beginning of the project, everyone has good intentions.  I have never represented a client who started a project hoping there would be conflict.

I think most people want to trust the people they do business with (why would you do business with them if you didn’t trust them, right?).  As a result, as a project moves along, participants discuss scope change, payment, pricing, and ordering materials, among other things.

Instructions are given and agreements are made.  However, sometimes the parties do not diligently document the discussion and agreement.

This results in disagreements about what was discussed and agreed to once someone gets around to preparing a document, or worse, it leads to a surprise (some would call it ambush) claim at the end of the project.

Next comes payments being withheld, liens being filed, litigation or arbitration, people having to talk to their lawyer way more than they want to, and you find yourself in project hell.

You’ve probably heard the old saying, “trust but verify.”  When it comes to a construction project, however, you should adopt the approach of:

Trust but Document.

Any time there is a discussion about any type of change or any kind of agreement is made, the main points should be documented immediately.  Technology makes this more achievable than ever before.

Use Smartphones and Tablets

When a discussion takes place onsite, it can be documented quickly and easily with a smartphone or tablet.

  • Smartphones.  Put the terms of a discussion and agreement in an email, which can be copied to all parties participating in the discussion so that they have a chance to speak up immediately if they disagree with any information in the email.  If you don’t have time to type out an email (which should be rare), then use your smartphone to make a quick video or audio recording to record everyone agreeing on what was discussed and what actions will be taken.  It would be very difficult for someone to later deny they agreed to something if you have them on video agreeing with the terms.
  • Tablets. Not only can you use a tablet to prepare a note or email, but certain tablets allow you to write with a stylus.  This allows parties to quickly put the terms of their discussion or agreement in a document (even a prepared form stored on the tablet or in the cloud), and then sign it using it the stylus.

Once you have documented the main points of a discussion, the information can later be included in a change order proposal or change order.  The suggestions above are not the only ways to use technology, but the point is that you should make technology work for you and decrease the number of potential disputes.  TRUST BUT DOCUMENT.  Because remember, the road to project hell is often paved with folks with good intentions.

I recently wrote about the WannaCry ransomware attack that crippled companies around the globe and recommended that cyberattacks be addressed in the force majeure provision of a construction contract.

Last week, there was another global cyberattack that was first believed to be another form of ransomware known as Petya, but it turned out that the attack was something more sinister.

Instead of being ransomware, which (usually) results in the victim getting their files and information back at a later date, experts have concluded that last week’s attack was actually malware that was a “wiper,” which prevents the user from ever accessing their files.  In other words, a hacker that unleashes a “wiper” on a system is not trying to make money by demanding some type of ransom payment for the information – they just want to damage and destroy.

In addition to adding cyberattacks to the force majeure provision, you should also consider including a contractual provision addressing other potential remedies in the event of a cyberattack.   For instance, parties may want to consider a termination provision that is triggered by a cyberattack.

Every project is different, so there is no “one size fits all” approach for addressing a cyberattack in a contractual provision, but here is a framework that you may be able to customize for your project:

Cyberattacks. The term “cyberattack” in this Contract shall mean, “an attempt by hackers to damage or destroy a Party’s computer network or system.”  In addition to any other remedy available under the Contract (including any extension of time under Section _____), either Party may terminate the Contract upon _____ days written notice if either Owner or Contractor is the victim of a cyberattack that: (i) substantially deletes or destroys Owner’s or Contractor’s electronic files related to the Project such that Owner or Contractor are unable to continue performing their obligations under the Contract; or (ii) prevents Owner or Contractor from being able to access their electronic files related to the Project for more than _______ days.  If Owner terminates the Contract under this Section _____, Contractor shall be entitled to recover (insert remedies, i.e., treated as termination for convenience, or payment to Contractor of a termination fee). If Contractor terminates the Contract under this Section _____, then Contractor shall (insert remedies, i.e., limited to payment for properly performed work, or payment to Owner of a termination fee).

Cybersecurity is an issue that is not going away.  Whether you use a provision similar to the one above or draft your own provision, make sure you address the issue in your construction contracts.

Recently, the largest single ransomware attack to date occurred when ransomware known as WannaCry attacked companies around the world.  These companies will likely not know the extent of the damage caused by this attack for months, if not years.  WannaCry is just one of several ransomware threats that companies face.

Ransomware either prevents a user from accessing their computer or their files until a ransom is paid to the hackers.  Ransomware can infect a system in various ways, and hackers are becoming more and more creative about ways to deceive  an employee into unknowingly infecting a company’s network.


Contractors are not immune to ransomware (or other cyberattacks).  A successful ransomware attack on a contractor’s network would likely shut down the contractor’s operations on its projects for a period of time.

No access to email or any documents until the contractor pays the ransom (which will likely have to be paid in bitcoin, which would probably present its own challenges).  And even then, some hackers would not release the files back to the contractor even after the ransom was paid.  Think of the impact that this would have on a contractor’s business operations.  No bids could be submitted and every project would be delayed.

The business impact would be catastrophic.  There are insurance professionals that can help address potential business interruption damages.  But what about liability for project delays due to a ransomware attack?  Would the delays be excusable under the contractor’s contracts?  Most likely not.

Force Majeure

Many contracts contain a force majeure clause that addresses various events that would be considered excusable delays, or in some contracts, these events give one or both parties the right to suspend the work or terminate the contract.  Most force majeure clauses are not broad enough, however, to cover a ransomware attack.

This means that contractors would potentially be responsible for damages on every project that is delayed by a ransomware attack.  Depending on the terms of the contract and the owner’s course of action, the contractor could be faced with significant liquidated damages, its work being supplemented, or its contract being terminated.

The Wannacry attack will like only embolden hackers who seek to use ransomware to extort money from companies.  Contractors should make sure that the force majeure clauses in their future contracts include ransomware attacks and other cyberattacks in the list of events that are excusable delays.  And then hope that you never need to rely on it in the future.