Cyber liability and privacy risks are hot topics across every industry, as both massive cyberattacks and smaller-scale threats increase in prevalence on a daily basis. No organizations are immune to these threats, especially not those within the real estate industry. Ransomware and other forms of attack are on the rise and becoming increasingly more costly to victim organizations.
For real estate companies, newer technologies create new risks. Buildings are becoming “smarter,” which has created several new exposures. While cyber threats may not be at the forefront of a real estate executive’s mind, there are several issues to become familiar with in order to address this emerging risk.
Common Threats Against Real Estate Businesses
The volume and severity of cyberattacks have increased dramatically in recent years. The most publicized type of attack is undoubtedly ransomware, which has prompted warnings from top Biden administration officials in the past month due to their increased frequency, sophistication and severity.
Notable ransomware incidents in the past year include attacks on tech giant ACER, cloud storage company Blackbaud, and several on various medical facilities. Most recently, a ransomware attack on the Colonial Pipeline spiked fuel shortages as hackers disrupted the major gasoline and jet fuel line’s operations. These events demonstrate the fact that ransomware attacks are industry agnostic and often have significant downstream impacts.
Phishing is another common cybersecurity issue that can directly affect real estate companies. Real estate operations rely heavily on transferring funds from party to party at a significant volume, both in frequency and monetary value. This creates a significant exposure to phishing attacks. Phishing attacks occur when attackers insert themselves in-between these transactions through devices or other means, such as through email.
In recent years, from California to Virginia, there has been a steady wave of new, impactful privacy legislation. Many real estate companies maintain a significant amount of customer/tenant private information. Real estate companies should stay abreast of current and potential privacy litigation as this trend continues to spread.
Smart Buildings = New Risks
As buildings become more connected with “smart” devices and advanced technology, there are naturally more vulnerabilities that may be exploited by cyber criminals. While this technology can provide cost-saving opportunities, increase productivity and enhance the tenant’s experience, it is important to know the risks and treat smart devices as crucial assets from an IT perspective.
Something as simple as a keyless access system can shut an entire building down and stop operations if breached by those with malicious intent. A recent attack on an Austrian hotel locked guests out of their rooms and made the keyless entry system inoperable. While this may seem like a mere inconvenience, the consequential damages could be significant, and it raises the question of what other damages a hacker can impact by exposing flaws in these smart systems. This is especially concerning when you consider that smart devices can also control things like the HVAC system, fire and security systems, and water systems.
Protecting smart buildings will be an important safety measure for all real estate companies to consider as technology progresses.
Making a Plan to Address Cyber Risks
When it comes to protecting your business from cyber risks, there are several questions to consider before implementing coverage appropriately designed for your organization. Your broker can help you to address these critical questions in collaboration with your Risk Manager, CISO, Financial Officer, or Business Manager.
- In general terms, how do you maintain the security and integrity of your electronic data?
- Is your organization prepared to respond to an incident? Is that plan tested?
- Are you aware of the essential controls the cyber underwriting community is more or less requiring in 2021?
- When was your last information security audit? Who performed it? Were any problems uncovered? How have they been addressed?
RCM&D is uniquely positioned to help you answer any critical cyber questions. Our dedicated Cyber and Real Estate practices can help you craft a protection plan for your unique risk profile. Talk to a trusted advisor today.