Technological change is occurring at an exponential rate, affecting most aspects of our lives. New technologies and digital innovations are enabling economies of scale, increased productivity, and larger bottom-line results, among many other benefits. But they also present their fair share of risks and threats – to be honest, the cyber stakes have never been higher. Cyber attacks are occurring with increasing frequency and severity – a trend that shows no sign of stopping or slowing any time soon. In fact, PwC found that cybercrime is the 2nd most reported economic crime, and in the past year alone, there was a 27% increase in the average number of security breaches per year. Another study by Google and McAfee found that there are an estimated 2,000 cyber attacks every day around the world.
As PwC says, “The scale and impact of fraud has grown so significantly in today’s digitally-enabled world. Indeed, it can almost be seen as a big business in its own right – one that is tech-enabled, innovative, opportunistic, and pervasive. Think of it as the biggest competitor you didn’t know you had.” While cyber risk cannot be completely eradicated, it can be managed and threats reduced. To do so, it’s important to understand the constantly evolving dangers present in our digital ecosystem and to proactively take steps to address them.
Definitions and Explanations
Technology is becoming more and more integrated into our lives, changing the way we live, work, and play and affecting how we behave and interact with the world around us. At the same time, we are becoming increasingly more dependent on that technology, making us all the more vulnerable if it fails.
For example, imagine you are on a road trip, and the battery on your smartphone dies. You have no GPS, can’t pull up a map, and are unable to phone a friend for guidance. What do you do? Now, think about this issue on a larger scale. You go into your commercial real estate office one day and find that you are unable to access your project data. Don’t think it can happen to you? Well, consider that cars have been hacked, fitness apps have been hacked, smart city technology has been hacked, medical devices such as pacemakers have been hacked, home security and baby monitoring cameras have been hacked, airplanes have been hacked, and traffic systems have been hacked. And let’s not forget about Equifax, Home Depot, Yahoo, and Target. The moral of this story is that nobody is 100% secure.
To better understand the issues at hand, let’s take a look at some definitions:
Cyber Risk: The risk of financial loss, disruption, damage, or harm to the technical infrastructure or information technology systems of a firm or organization
Cyber Threat: A cyber event that could take advantage of a cyber risk or vulnerability, including (but not limited to) Trojans, phishing, ransomware, intellectual property theft, malware, spyware, malvertising, rogue software, and social engineering
Cyber Security: The set of techniques and processes used to protect networks, systems, devices, programs, and data from unauthorized access, damage, and other forms of digital attack
Data Security: The protection of both physical and digital data from accidental or intentional modification, destruction, or disclosure
One of the biggest contributing factors to the rise in cyber attacks is the constantly-increasing amount of data available. Ninety-percent of the data in the world today has been created within just the past two years. In the world of commercial real estate, every activity involves data – spreadsheets with hundreds and even thousands of lines of information. IDC reports that the amount of data created and copied annually will reach 180 zettabytes (180 followed by 21 zeroes) by 2025. This vast quantity of data presents more opportunities for attack than ever before, especially if firms and organizations don’t take appropriate action.
Further, cybercrime comes in many forms, and the list is growing every day as technology gets more advanced and hackers become more sophisticated. Events that expose an organization or firm to cyber risk can be intentional (i.e. deliberately malicious acts of sabotage or theft) or unintentional (i.e. user error that makes a system unavailable or as victims of social engineering). They can also come from internal sources, such as employees or contractors, or external sources, such as cybercriminals or hacktivists.
How Cyber Risk Affects CRE Companies
While the commercial real estate industry has not historically been targeted, it is just as vulnerable as every other industry when it comes to cybersecurity. And due to these misconceptions, CRE firms have been slow to invest in preventative cybersecurity measures. According to NREI, “The days of hackers targeting only retailers are long gone. With attacks that can misdirect wire transfers and hold computer systems hostage, hackers can successfully target any industry, particularly those that are behind the curve for cybersecurity.”
Commercial real estate firms may be particularly attractive due to their access to both data and money. CRE professionals handle a lot of sensitive and confidential personal and financial information, and they are creating, using, storing, and sharing more data than ever before. Further, CRE firms may be even more vulnerable than other companies given the large dollar transactions related to acquisitions, distributions, and financing of real estate properties. In fact, KPMG reports that 1 in 3 real estate firms have experienced a cybersecurity incident in the last 2 years, though that number is likely higher since firms do not always realize they have been infiltrated. Additionally, a SpectorSoft study found that over 1/3 of data attacks in the real estate sector are carried out by insiders.
Studies repeatedly demonstrate that many CRE firms are unprepared to face cyber attacks, which is why it’s more important now than ever before to be proactive and make cybersecurity a priority for your firm. With the fear of cyber risk alleviated, you can get back to what you do best: buying, selling, and managing commercial real estate!
For more information check out part 2 of this article, where we outline a cybersecurity strategy for CRE firms.