RBG
Company Details
Linkedin ID:
royal-bam-group
Website:
Employees number:
15,131
Number of followers:
83,454
NAICS:
23
Industry Type:
Homepage:
bam.com
IP Addresses:
0
Company ID:
ROY_2722676
Scan Status:
In-progress
Royal BAM Group Company CyberSecurity Posture
bam.com
🏗️ Building a Sustainable Tomorrow at BAM! As leaders in the construction industry, we are committed to pioneering sustainable practices that not only enhance our projects but also contribute to a better future for generations to come. Our strategy revolves around focusing to protect profitability, transforming to strengthen competitive advantage, and expanding for future growth. Join us in making possible by prioritising sustainability in everything we do. 🌍
Royal BAM Group A.I CyberSecurity Scoring
RBG Risk Score (AI oriented)Between 750 and 799
RBG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
RBG Global Score (TPRM)XXXX
RBG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
RBG Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
RBG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for RBG
Incidents vs Construction Industry Average (This Year)
No incidents recorded for Royal BAM Group in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Royal BAM Group in 2025.
Incident Types RBG vs Construction Industry Avg (This Year)
No incidents recorded for Royal BAM Group in 2025.
Incident History — RBG (X = Date, Y = Severity)
RBG cyber incidents detection timeline including parent company and subsidiaries
RBG Company Subsidiaries
🏗️ Building a Sustainable Tomorrow at BAM! As leaders in the construction industry, we are committed to pioneering sustainable practices that not only enhance our projects but also contribute to a better future for generations to come. Our strategy revolves around focusing to protect profitability, transforming to strengthen competitive advantage, and expanding for future growth. Join us in making possible by prioritising sustainability in everything we do. 🌍
Loading...
RBG Similar Companies
VINCI Construction
Premier groupe français et acteur mondial de premier plan de la construction, VINCI Construction réunit plus de 830 entreprises et près de 69000 collaborateurs dans une centaine de pays. Ses expertises s’étendent à l’ensemble des métiers du bâtiment, du génie civil, et des activités spécialisées ass
Kiewit
At Kiewit, the projects we deliver make a difference, and we offer opportunities for you to make one, too. Our construction and engineering professionals work on some of the industry’s most complex, challenging and rewarding projects – whether it’s boring tunnels through mountains, turning rivers in
America's Builder is a lofty title, but it's a goal we work toward every day. D.R. Horton started in 1978 in Fort Worth, Texas, and has grown into a national Fortune 500 company. Since 2002, D.R. Horton has been the number one homebuilder in America. We build across the country, bringing our home
Skanska
Skanska Group uses knowledge & foresight to shape the way people live, work, and connect. More than 138 years in the making, we’re one of the world’s largest development and construction companies, with 2024 revenue totaling SEK 177 billion. We operate in select markets throughout the Nordics, Europ
Bechtel is a trusted engineering, construction and project management partner to industry and government. Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers’ objectives to create a lasting positive
GMR Group is a leading global infrastructure conglomerate with significant expertise in airports, energy, transportation, and urban infrastructure. GMR Airports is Asia’s largest private airport operator with the world’s 2nd largest passenger handling capacity (over 100 million annually). It opera
STRABAG
At STRABAG around 86,000 people working on progress at more than 2,400 locations worldwide. Uniqueness and individual strengths characterise both our projects and each of us as individuals. Whether its building construction, civil engineering, road construction, underground engineering, bridge build
NCC is one of the leading construction companies in the Nordics. Based on its expertise in managing complex construction processes, NCC contributes to a positive impact of construction for its customers and society. NCC is one of the largest players in the Nordic construction market, and operates
NCC Limited
Across decades, across disciplines, NCC Ltd has dedicated itself to building infrastructure of uncompromising standards. Infrastructure that is a constant reminder of the Company’s holistic construction expertise, which in turn is the result of relentless innovation and sheer dedication. Today, NCC
.png)
RBG CyberSecurity News
September 16, 2025 07:00 AM
BAM Groep to construct electricity distribution hubs on behalf of Enexis
Koninklijke BAM Groep NV: Will be constructing several electricity distribution hubs in northern and southern regions of Netherlands Pilot...
June 27, 2025 07:00 AM
BAM Nuttall’s ‘resilience’ delivers a substantial uplift in its pre-tax and operating profits
Civil engineering firm, BAM Nuttall has reported a strong and resilient performance in its latest financials, overcoming significant industry challenges.
May 21, 2024 07:00 AM
Joost Nelis (BAM Group): ‘We Aim to Be the Market Leader in Sustainable Construction’
21-05-2024 | Interviewer: Eelco Simon | Author: Henk Vlaming | Image: Ton Zonneveld. For construction giant Royal BAM Group,...
July 29, 2022 07:00 AM
Steven Capper
Steven is currently Group CIO at SNC Lavalin, leading a global team of more than 800 IT professionals. He is responsible for overall IT strategy and planning.
May 26, 2021 07:00 AM
UK contractors form group to combat cyber threats in construction JVs
A string of major cyberattacks has hit the country's building sector in the past 18 months.
January 05, 2021 08:00 AM
Amey hit by cyber attack
Amey was hit by a cyber attack in December, it has emerged. The firm's systems were hit by what is believed to be a ransomware attack,...
October 14, 2020 07:00 AM
Cyber-attack: the tier ones targeted by hackers – and how to protect your firm
On 4 May, Royal Bam group director of cyber security Ian Hill got a call at midnight from a member of his team, telling him Bam Construct's...
May 13, 2020 07:00 AM
Bam Construct and Interserve hit by cyber attacks
Bam Construct has shut down some of its computer systems after falling victim to a cyber attack last week. Interserve also revealed it was hit by a cyber...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
RBG CyberSecurity History Information
Official Website of Royal BAM Group
The official website of Royal BAM Group is https://www.bam.com/.
Royal BAM Group’s AI-Generated Cybersecurity Score
According to Rankiteo, Royal BAM Group’s AI-generated cybersecurity score is 773, reflecting their Fair security posture.
How many security badges does Royal BAM Group’ have ?
According to Rankiteo, Royal BAM Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Royal BAM Group have SOC 2 Type 1 certification ?
According to Rankiteo, Royal BAM Group is not certified under SOC 2 Type 1.
Does Royal BAM Group have SOC 2 Type 2 certification ?
According to Rankiteo, Royal BAM Group does not hold a SOC 2 Type 2 certification.
Does Royal BAM Group comply with GDPR ?
According to Rankiteo, Royal BAM Group is not listed as GDPR compliant.
Does Royal BAM Group have PCI DSS certification ?
According to Rankiteo, Royal BAM Group does not currently maintain PCI DSS compliance.
Does Royal BAM Group comply with HIPAA ?
According to Rankiteo, Royal BAM Group is not compliant with HIPAA regulations.
Does Royal BAM Group have ISO 27001 certification ?
According to Rankiteo,Royal BAM Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Royal BAM Group
Royal BAM Group operates primarily in the Construction industry.
Number of Employees at Royal BAM Group
Royal BAM Group employs approximately 15,131 people worldwide.
Subsidiaries Owned by Royal BAM Group
Royal BAM Group presently has no subsidiaries across any sectors.
Royal BAM Group’s LinkedIn Followers
Royal BAM Group’s official LinkedIn profile has approximately 83,454 followers.
Royal BAM Group’s Presence on Crunchbase
No, Royal BAM Group does not have a profile on Crunchbase.
Royal BAM Group’s Presence on LinkedIn
Yes, Royal BAM Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/royal-bam-group.
Cybersecurity Incidents Involving Royal BAM Group
As of December 10, 2025, Rankiteo reports that Royal BAM Group has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
Royal BAM Group has an estimated 39,066 peer or competitor companies worldwide.
Royal BAM Group CyberSecurity History Information
How many cyber incidents has Royal BAM Group faced ?
Total Incidents: According to Rankiteo, Royal BAM Group has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at Royal BAM Group ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Description
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/FreePBX/framework/commit/04224253156543cd9932b90458660b2f19fc0e35#diff-72f14a52840a61504a8e03cd195035b44e488aecd634b001bc6412a04bdc940bR20-R50
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-9jvh-mv6x-w698
- https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=royal-bam-group' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
