Construction Site Theft Patterns in the GCC: Diesel, Cable, Asset Theft

Construction site theft in the GCC is not an enforcement problem. It is a margin problem misclassified as an enforcement problem, and that misclassification is what keeps it unsolved.

The losses on a Gulf construction site do not arrive as headline events. They arrive as quiet attrition. A drum of diesel here, a coil of copper there, a pallet of fittings that the storekeeper swears arrived but no one can locate. By the time the quantity surveyor closes the project, the cumulative shrinkage sits inside what the industry politely calls "wastage" and what the controller, behind closed doors, calls something less polite. The carriers of the loss are the main contractor's net margin and, eventually, the developer's contingency. Gulf insurers know this, and they price it. The contractors who lose money on theft are almost always the ones who never separated the line item.

The four categories Gulf insurers actually distinguish

Underwriters working the UAE and Saudi construction books do not speak of theft as a single peril. They distinguish, in their loss reserves and their renewal questionnaires, between four categories, and these categories track what claims data has shown over the last decade. The first is diesel. Bulk fuel theft from on-site bowsers, from idle plant tanks, and from refuelling trucks parked overnight at the labour accommodation. The second is cable and conductive material, almost always copper, occasionally aluminium busbar from substations and risers that have been energised early. The third is fixed plant and tooling, ranging from generators and welding sets to high-value hand tools. The fourth is finished material in storage, particularly mechanical and electrical fittings, valves, sanitary ware, façade glass and high-end joinery in the fit-out phases of hospitality and residential towers.

The distribution is not symmetrical. Diesel and copper, taken together, account for the majority of reported incidents on civil and infrastructure projects in the GCC. On building sites in the fit-out phase, the balance shifts towards finished materials, because the value density of a packed crate of imported fittings exceeds anything else on the site at that moment. Insurers calibrate accordingly. A site in the structural phase of a metro extension is priced against fuel and copper risk. A site in the fit-out phase of a luxury hotel is priced against material risk and what the policy wording often calls "internal misappropriation," which is the underwriter's careful term for theft by people who are supposed to be there.

The honest contractor knows that the categories overlap and that the same crew can move between them across the life of a project. The dishonest contractor learns this faster than the honest one, because the dishonest contractor is the one organising it.

Diesel: the largest single line, and the most underreported

Diesel theft on Gulf sites operates at a scale that does not match its visibility in claims data. The reason is structural. Fuel is consumed, not inventoried in the way a generator or a coil of cable is inventoried. A bowser that should have lasted ten days lasts seven, and the explanation written into the daily log is operator hours, idling, or fuel quality. The actual explanation, in a meaningful proportion of cases, is that one or more parties between the fuel supplier, the site storekeeper, the plant operators and the night security have arranged a parallel offtake. The quantities are not large per event. The frequency is what compounds them.

The GCC market for stolen diesel exists because the price differential between subsidised or rebated industrial fuel and the open market for resale, particularly into informal transport and small generator users, is wide enough to make small thefts worth organising. In Saudi Arabia, the price reforms of the last decade narrowed but did not close this differential. In the UAE, the differential between site-delivered diesel and what an informal buyer pays for a jerry can collected at three in the morning is sufficient to fund a small parallel economy around any large project. The contractors who recognise this build their fuel controls accordingly. The ones who do not absorb the loss as plant operating cost and wonder why their fuel consumption per cubic metre of concrete exceeds the benchmark.

Recovery in diesel theft is effectively zero. Once the fuel has been transferred, it cannot be identified, recovered or reclaimed. The only useful intervention is prevention, which means sealed fuel transfers, calibrated flow metering tied to plant identification, and the kind of overnight surveillance that does not depend on a single guard at a single gate. The systems that work here are the ones that watch the bowser, not the perimeter, because the perimeter is a distraction. The fuel does not leave the site over the fence. It leaves through the gate, in the cab of a vehicle that was logged in.

Copper and conductive theft

Copper theft on Gulf construction sites follows the global pattern with regional adjustments. The targets are temporary power distribution cabling, earthing conductors, busbar sections delivered to site and stored before installation, and increasingly the conductive elements of HVAC and plumbing. The thieves are rarely opportunists. They are organised in small crews, they understand which cables carry value and which are aluminium-clad imitations, and they often have a route to a scrap dealer who does not enquire about origin. The dealer, in turn, has a route to a regional metals market that absorbs the material without questions.

The volumes are not insignificant. NICB data from outside the region and observations from regional brokers suggest that on a large infrastructure project, copper losses can run into hundreds of thousands of dirhams over a project's life, even with conventional security in place. The recovery rate, as reported by main contractors to their insurers, sits in low single digits. Once the cable has been stripped, bundled and moved off site, identifying it is functionally impossible. The IEC 62443 framework that increasingly governs the operational technology side of these projects is silent on conductor theft, because it sits outside the cyber perimeter and inside the physical one, where the controls have not kept pace with the value of the targets.

The pattern that emerges from claims data, and that ASIS International chapters in the region have documented in their working groups, is that copper theft escalates in the final months before energisation, when the maximum quantity of cable is on site and the access controls are at their weakest because of the volume of subcontractor traffic. The contractors who succeed in suppressing copper losses do so by treating the cable yard as a separate security zone with its own access log, its own surveillance and its own custody chain, distinct from the general site perimeter.

The contractor-labour dynamic

The honest discussion about GCC construction theft requires acknowledging the contractor-labour dynamic, which differs from the European or North American picture and which Gulf underwriters factor into their pricing whether or not they state it openly. The labour stack on a Gulf megaproject is multi-tiered, multi-national and subject to wage and accommodation arrangements that vary considerably across the tiers. The workers most likely to be present on a site at three in the morning are not the workers most likely to be compensated in a way that makes the marginal value of a stolen jerry can of diesel irrelevant. This is not a moral statement. It is a structural observation that any honest security assessment has to make.

The implication is that perimeter-focused security models, which assume the threat comes from outside, mis-price the actual risk. A meaningful share of GCC site theft is either committed by site labour, facilitated by site labour, or made possible by site labour looking the other way for a small consideration. The crews that organise larger thefts, particularly of plant and finished materials, almost always have an inside contact who tells them when the storekeeper will be away, when the delivery will arrive, and which container holds the valuable material. The CISA materials on insider threat, written for a different industry, translate directly. The mitigations are the same. Segregation of duties, custody logs that name individuals, surveillance that records who opened what and when, and audit cycles that do not depend on the goodwill of the people being audited.

Gulf contractors who run their security on the assumption that the threat is external are routinely surprised by the audit findings when they finally commission an independent assessment. The findings are not surprising to anyone who has worked the sites.

Recovery rates and what they mean for pricing

The recovery rate on GCC construction theft, across all four categories, is in the low single digits and in some categories effectively zero. Diesel is unrecoverable by its nature. Copper is unrecoverable once stripped. Plant is occasionally recovered when it is stolen for resale within the region and a serial number match is achieved, but the recovery rate even there is well below twenty percent, and the recovered plant has often been stripped of valuable components before recovery. Finished materials are almost never recovered, because they enter the regional grey market and lose identifiability within days.

What this means for insurance pricing is that the underwriter cannot rely on subrogation or salvage to reduce the cost of the claim. The full loss is borne, and the premium has to reflect that. GDV data on the European construction market, where recovery rates are higher and the policing environment is different, do not translate directly. The Gulf underwriter is pricing a near-total-loss assumption for any theft event, and the contractor who wants to reduce the premium has only one path, which is to demonstrate, with documented controls and incident history, that the frequency of events on his sites is materially lower than the regional benchmark.

This is where the NIST CSF 2.0 vocabulary of identify, protect, detect, respond and recover becomes useful, even though it was written for cybersecurity. The same five functions apply to physical security on a construction site. The contractors who can describe their site security in these terms, with evidence at each step, are the ones who negotiate the renewal differently. The contractors who cannot describe it that way pay the standard rate, which is the rate priced for the unmitigated risk. The manuscript "BOSWAU + KNAUER. From Building to Security Technology" makes the same point from the manufacturer's side. Security has to be measurable, or it cannot be priced, and what cannot be priced cannot be optimised.

What the working solutions actually look like

The contractors who have suppressed theft losses on Gulf sites have done so through a small set of measures that, taken together, change the economics for the would-be thief. The measures are not exotic. They are calibrated fuel transfer with flow metering and individual plant authentication. They are cable yards treated as separate secured zones with their own access logs. They are tool and plant custody systems that name an individual, not a department, as accountable. They are mobile surveillance platforms that cover the areas a fixed camera cannot reach, and that move on patterns that cannot be predicted from outside. They are operator-attended monitoring, not unattended recording, because recording without response is documentation of loss, not prevention of it.

The economics of these measures, when properly costed against the loss line, are favourable on any site above a certain volume threshold. Below that threshold, the conventional combination of fenced perimeter, lighting and a guard at the gate remains the rational choice, because the marginal cost of the more sophisticated system exceeds the marginal loss it would prevent. Above the threshold, which on most Gulf projects sits in the low hundreds of millions of dirhams of project value, the math reverses, and the contractor who does not upgrade is paying the loss out of his own margin while his competitor, who did upgrade, is bidding the next job with a lower contingency.

ISO 27001 and IEC 62443 are not construction standards, but the discipline they encode, that of identifying assets, classifying their value, controlling access and logging events, is the discipline that distinguishes the sites that lose from the sites that do not. BSI guidance on physical security, drawn from a different regulatory tradition, points in the same direction. The convergence is not accidental. It reflects what works.

What holds

Gulf construction theft is a managed risk, not an unmanageable one. The contractors who manage it have measured it, separated it from generic wastage, identified its four main categories, and built controls calibrated to each. The contractors who do not manage it absorb it as margin compression and renew their insurance at the standard rate.

The distance between the two groups is not a matter of how much they spend on security. It is a matter of whether the security spend is directed at the actual risk or at a generic picture of the risk that does not match the site. The audit that bridges that distance is a three to five day exercise on a specific site, with a defined deliverable and a fixed scope. It is the second of the three paths described in BOSWAU + KNAUER. From Building to Security Technology, and it is the path most appropriate for a contractor who already knows that something is wrong with his loss numbers and wants the wrongness named precisely.

The contractor who does not yet know whether he has a problem worth auditing should start with the first path, a confidential sixty-minute conversation, and the contractor who has identified a specific site as the test case should consider the ninety-day pilot. The sequence is not fixed. The choice is.

Frequently asked questions

What is stolen most often?

By frequency of incidents reported to insurers, diesel and copper cable lead the GCC construction loss tables on civil and infrastructure projects. On building projects in the fit-out phase, finished materials, particularly imported mechanical and electrical fittings, sanitary ware and high-end joinery, take the top position. Plant and tooling appear across all phases but at lower frequency than the consumables. The pattern correlates with value density and ease of resale. The items that are stolen most often are the items that can be moved off site quickly and absorbed into a regional secondary market without identifying marks.

Who steals it?

The honest answer, based on claims data and audit findings, is that the majority of GCC construction theft involves site labour as principals, accomplices, or enablers. Pure external intrusion exists, particularly for copper theft by organised crews, but it is the minority. The structural conditions of the GCC labour market, where wage levels for the relevant tiers do not make small thefts economically irrelevant, combine with insider knowledge of site routines to produce a risk profile in which segregation of duties and custody documentation matter more than perimeter fencing. ASIS International working groups in the region have reached similar conclusions.

What is the recovery rate?

Recovery rates in the GCC sit in the low single digits across all categories, and in some categories, notably diesel and stripped copper, recovery is functionally zero. Plant is occasionally recovered when intra-regional resale leads to a serial number match, but even then the recovered asset has often been stripped of value. Finished materials disappear into the regional grey market within days. Underwriters price on a near-total-loss assumption for any theft event, which is why the only effective lever for premium reduction is documented loss frequency below the regional benchmark.

How is it insured?

GCC construction theft is covered under Contractors All Risks policies, with theft typically a named peril subject to specific exclusions, deductibles and warranties. Insurers price the theft component based on project type, phase, location, and the contractor's documented controls and claims history. Internal misappropriation is often excluded or sub-limited, which matters given the insider profile of much of the actual risk. Contractors who can demonstrate, in the language of NIST CSF 2.0 and with the evidence of audit findings, that their controls are calibrated to the four loss categories negotiate materially better terms than those who present generic security descriptions at renewal.