The State of Data Security for CRE Firms

The State of Data Security for CRE Firms

While the commercial real estate industry has not historically been targeted, it is just as vulnerable as every other industry when it comes to cybersecurity. And due to these misconceptions, CRE firms have been slow to invest in preventative cybersecurity measures and are thus now inadequately prepared. According to McKinsey, “The US government has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation.” It is practically impossible to eliminate all cyber threats, but protecting against them certainly can be and should be a top strategic priority.

Read ahead to learn more about why the commercial real estate industry may be at risk, trends impacting cyber security, and what you can do to be proactive on this issue.


Why CRE?

According to NREI, “The days of hackers targeting only retailers are long gone. With attacks that can misdirect wire transfers and hold computer systems hostage, hackers can successfully target any industry, particularly those that are behind the curve for cybersecurity. Commercial real estate firms may be particularly attractive, not only because they may not be up-to-date on security procedures but also due to their access to both data and money. CRE professionals handle a lot of sensitive and confidential personal and financial information, and they are creating, using, storing, and sharing more data than ever before. Further, CRE firms may be even more vulnerable than other companies given the large dollar transactions related to acquisitions, distributions, and financing of real estate properties.”

KPMG reports that 1 in 3 real estate firms have experienced a cybersecurity incident in the last 2 years (though that number is likely higher since firms do not always realize they have been infiltrated), and 50% of CRE firms are not adequately prepared to prevent or mitigate a cyber attack.


Why Now?

According to McKinsey, “The combination of advances in enterprise technology and more effective malevolent actors is complicating the task of protecting business processes and information.” Changes in how we use technology have simultaneously made it harder and more important to protect key assets

There are several factors at play that contribute to the increase in cybersecurity risk and incidents in commercial real estate.

Rising Value Online

The US CRE industry is a multi-trillion-dollar market, and with the rise of the internet and commercial real estate technologies, more of that value has migrated online. CRE transactions used to be much more manual, but now that they are conducted online, there are much larger incentives for cybercriminals.

More Sophisticated Cybercriminals

Just like other industries, cybercrime has become much more technologically advanced in recent years, in some cases (according to McKinsey) “outpacing the skills and resources of corporate security teams”. As a result, today’s cybercrimes are much more targeted and complex than in years past, as well as more difficult to trace.

Increased Opportunities for Error

An IBM survey found that 95% of all cyber security breaches involved some form of human error. With the work week in America averaging 47 hours, these errors can most commonly be accredited to negligence and/or efforts to save time via workarounds that unknowingly permit attacks. For example, employees may keep the same password for extended periods of time, create a very simple password so that they can easily remember it, use their own devices instead of those provided for them, or skip computer updates.

Continued Confusion Over Ownership

Today, technology touches every employee within an organization, begging the question of who should own cybersecurity initiatives. Somebody needs to take responsibility for assessing threats, educating employees, updating processes and policies, aligning with business priorities, ensuring compliance, and responding in the event of an incident. To be most effective, cyber risk management should be a strategic issue – not just an IT function.


What Can You Do?

Studies repeatedly demonstrate that many CRE firms are unprepared to face cyber attacks, which is why it’s more important now than ever before to be proactive and make cybersecurity a priority for your firm. To learn more about strengthening data security at your firm, download this free checklist!