Managing Cyber Risk and Security in Commercial Real Estate
Fraud and cybercrime are at an all-time high. While the commercial real estate industry has not historically been targeted, it is just as vulnerable as every other industry when it comes to cybersecurity. CRE professionals handle a lot of sensitive and confidential personal and financial information, and they are creating, using, storing, and sharing more data than ever before. CRE firms may be even more vulnerable given the large dollar transactions related to acquisitions, distributions, and financing of real estate properties. Cybersecurity threats can result in substantial legal and financial risks to the firm, not to mention the damage it can do to a firm’s reputation, business relationships, and employee morale. For these reasons, it’s more important now than ever before to be proactive and make cybersecurity a priority for your firm.
Cybercrime By the Numbers
Not sure you should be concerned? Below are a few stats that may make you think twice.
- Cybercrime is the 2nd most reported economic crime (PwC)
- The annual cost of data breaches through cybercrime is expected to reach $6 trillion globally by 2021 (Annual Cybercrime Report)
- 1/3 of business leaders rate cyber risk as the 2nd highest obstacle to company growth over the next 3 years (Deloitte)
- Data leakage or loss is the number one concern for firms, a concern shared by 72% of key decision makers (Heimdal)
- Only 41% of firms believe they have the tools and resources to identify, analyze, and mitigate external threats (Ponemon Institute)
As PWC says, “The scale and impact of fraud has grown so significantly in today’s digitally enabled world. Indeed, it can almost be seen as a big business in its own right – one that is tech-enabled, innovative, opportunistic, and pervasive. Think of it as the biggest competitor you didn’t know you had.”
Types of Cyber Risk
Cybercrime comes in many forms, and the list is growing every day as technology gets more advanced and hackers become more sophisticated. Here we detail two of the most common types of cyber risk that a CRE firm could experience.
A data breach is a cybersecurity incident in which sensitive, protected, or confidential data is stolen, copied, shared, or viewed by an unauthorized individual. Data breaches are becoming more and more commonplace. Every day, over 5 million data records are lost or stolen – that equates to 59 records every second. And the average cost for each lost or stolen record is $194. For a commercial real estate firm, a data breach could include information such as tax records, federal identification numbers, social security numbers, driver’s license numbers, and financial info.
Data loss is a cybersecurity incident where sensitive, protected, or confidential data is misplaced or destroyed due to causes such as theft, human error, viruses, or physical damage. Common examples of data loss include laptop theft, accidentally deleting or overwriting info, and power surges. In the case of stolen laptops, 46% contain confidential data, with only 10% having anti-theft technologies. Further, the average time it takes to resolve a cyber attack is 24 days, and the average value of a lost or stolen computer is almost $50,000 – 80% of which is for the lost data.
As mentioned earlier, a cyber threat can be very costly for any organization. One of the best ways to mitigate risk is to plan ahead, be able to recognize a threat, and have a strategy in place should one occur. You also need to consider other possible sources for risk.
What to Look for in a CRE Software Vendor
It’s no longer enough to manage the risk of cyber attacks on your own firm – you have to ensure that your vendor networks are secure as well. Thus, it’s imperative to assess the security of your third-party vendors and choose the right partner in order to ensure your data is secure.
With regards to investor management software, RealPage IMS incorporates institutional-level security for client data, maintaining 100% compliance with industry standards. Security features include:
- SSL Protection, which provides a secure connection between internet browsers and websites, allowing you to transmit private data online
- Amazon Web Services, which provides a secure web service interface to store and retrieve any amount of data from anywhere on the web, as well as backup, archiving, and disaster recovery
- 256-Bit Data Encryption, which is the same level of encryption used by the military and banks
As one client says, “Once we onboarded into the cloud, it was amazing because we were able to feel very comfortable and sleep well at night, knowing that all of the data was secure and accurate.”
Studies repeatedly demonstrate that many CRE firms are unprepared to face cyberattacks. That’s why it’s so important to understand the threats, to have a strategy in place for protecting your data and mitigating risk, and to properly vet your third-party vendors and ensure they meet security standards. With the fear of cyber risk alleviated, you can get back to what you do best – buying, selling, and managing real estate!
You may be interested in our free checklist: 7 Steps To Stronger Data Security For CRE Firms!