Digital data volume produced in the last decade or two has been increasing substantially due to the digitisation of the construction industry. The digitisation process is part of disruptive innovations, which create diverse opportunities for the sector, particularly through the adoption of the BIM methodology and technology. Along with the disruptive innovations, there emerge cybersecurity issues that may compromise an organization infrastructure with devastating effects such as file destruction, sensitive data loss and theft of intellectual property, citing just a few examples. To that effect, this study has the general goal to investigate the cybersecurity issues involving the CDE of sensitive assets, particularly case, penal buildings. Through the analytical method, it shall be investigated the cybersecurity issues involving the collaborative digital environment of penal buildings: at first, it makes a literature review to understand the “state-of-art” regarding BIM and cybersecurity; then it investigates and performes a quantitative data collection relating to penal buildings and the security challenges involving the infrastructure which enables the information flow during the project design phase; at the end, it performs an analysis upon the CDE vulnerabilities, proposing security measures to mitigate cybersecurity risks. This research concludes that the adoption of cybersecurity procedures to protect the collaborative digital environment of a sensitive asset is still at its beginnings. It stresses that the CDE vulnerabilities are directly related to the criticality of the whole infrastructure of the building design process, i.e. it embraces the “Human Sources”, the “Physical” and the “Digital” systems. Thus, protecting the whole infrastructure is a way to assure protection of the CDE. In the future the application of the research questionnaires developed for this study is suggested, and the development of a “maturity model” to measure and classify the organization's cybersecurity approach.