Understanding cyber risk for asset managers and owners.
Across the world, tenants have increasing expectations of intelligent buildings, providing them access to technology and automated systems, from online storage to health and safety, communications, climate control, lighting, security and more.
As an example, around 20% of the UK’s commercial buildings are defined as ‘smart’, and the world’s smart building market is expected to be worth up to $24.73 billion by 2021. As an asset owner, huge gains can come from the automation and optimisation of services and increasing the sustainability rating of the asset.
Despite adding value, the increased connectivity of these smart services can have a negative side – they can open up those who occupy them to a higher risk of cyber attack through ‘disruption of service’ or potential gateways to data. The threat exists for all asset classes across the real estate industry: office and apartment blocks, data centres, industrial sites, and even public spaces like hospitals, universities, hotels and shopping centres.
As we describe in our recent Grant Thornton report 'Locking down the value of data' one of the biggest challenges facing today’s leaders is ensuring that their businesses can anticipate and mitigate cyber risk. As an asset manager or owner, while the risk is primarily with your tenants, the impact on the building’s reputation and your own if an attack occurs could be devastating. Therefore, the issue of cyber security should be squarely on the boardroom table of building owners and management companies.
In this article, describe why cyber risk management and data protection need to be key elements of the investment in smart buildings at all stages of the asset lifecycle.
«Smart buildings – the new frontier of commercial and residential constructions – present new challenges in managing Cyber Risks», says Renato Sesana, Partner at Grant Thornton Financial Advisory Services, «Indeed cyber risks may be one of the side effects of the new technologies applied to different fields:
Operational Technology (OT) Systems: climate control systems, fire prevention systems and elevators controllers;
- Internet Of Things (IoT): such as CCTVs, personal health protection system, building intercom systems;
- Information technology: devices such as laptops, workstations, notebooks, pads.
These systems may all be open to attacks and therefore generate risks. On one side, cyber-attacks are a threaten for users, in terms of data theft and information, frauds, privacy breaches, but also in terms of health and security. On the other side, these attacks can open up asset managers and owners to many risks, including above all reputational risks.
Therefore, it could be useful to run a proper risk analysis, that, moving on from checking the capability of systems to respond to cyber-attacks, may lead to the introduction of innovative devices to detect, monitor and fight cyber-attacks».