Why ransomware attacks pose a unique threat to real estate

The threat of cyberattacks has been on the rise in recent years, spurred on by the Covid-19 pandemic and a growing sophistication among cyber criminals. While all sectors are reacting to the threat of these attacks, some areas, like real estate, are facing threats to the entire infrastructure of buildings, which can potentially cause disruption and even injuries if left unchecked.

Cyber crimes are made up of an array of attacks, including ransomware. Ransomware attacks are designed to take sensitive company material, like data, or an entire network infrastructure hostage, with criminals releasing the control after a payment has been made.

As the rate of these attacks has increased, some companies may feel that they do not run the same risk as larger companies, as they do not have the same high-profile exposure. This is not the case though, with the majority of companies now reliant on network providers for services to their operations, data storage, and infrastructure. Cyber-crime is a growing threat for real estate companies of all shapes and sizes.

The rise in successful ransomware attacks has been propped up by the switch to working from home due to the Covid-19 pandemic. As a result, cyber security became more vulnerable, with more sophisticated emails designed by criminals to gain access to data and other information via emails, links, and other techniques.

The reaction from insurers to the ransomware trend has been a swift and dramatic increase in premiums and self-insured retentions, with cyber policies now becoming a costly necessity. The level of scrutiny applied to a company’s cyber security risk controls has also increased with insurers selecting the “best in class” risks from a cyber maturity perspective.

Cyber risk in real estate

While real estate companies have begun to take on board the importance of cyber coverage they remain behind more heavily regulated sectors like banks and financial services. The threat of cyber crime in real estate goes beyond costs, with the threat of disruptive and reputational risk also at play.

Increased production of smart technology buildings is perhaps the most unique cyber threat in the real estate sector. As the infrastructure of a building is tied to a network, if a cyber attack were successful on the building’s network or its network provider, an array of
threats become possible.

A building with a compromised network infrastructure could, theoretically, lead to equipment in the building also being at risk. For example, a ransomware attack on a smart building could affect the property’s fire alarm system or disable the lifts from working, actions that could have fatal consequences if a fire or another emergency were to occur in the building.

An uncertainty of where responsibility for cyber-attacks sits between the property, network provider, and the occupants has led to a static environment, where no involved party is acting to prevent cyber-attacks, believing the responsibility of the task belongs elsewhere.

How can real estate companies get attractive cyber policies?

The surge in cyber crime has meant that securing a low-price cyber policy is unlikely for companies. However, there are measures that property owners can and should have in place in order to be in the best position possible to take out a new policy or renew existing cyber coverage.

  • Multifactor authentication: A two-step verification process is a basic necessity for companies, including real estate. The process means users will login first with a username and password, before confirming the login on a separate device, like a smart phone
    or tablet.

    A multi-step login does not nullify a cyber threat altogether, but it will help minimise the risk of operations being compromised at no additional cost.

  • Security assessment: A comprehensive assessment of a company’s network will help identify any flaws in a company’s security.

    A thorough analysis of the measures in place will also help in demonstrating to insurers what measures are being taken to prevent cyber-crime, an aspect that will certainly place firms in better stead when renewing or taking out a new policy.

  • Education: A system is only as strong as its weakest link, so ensuring that users are aware of the basics of cyber security is a must.

    Education on cyber-crime can include online training, teaching employees how cyber criminal operate, and how best to identify fraudulent emails and other suspicious activity.

    Another route is for an internal team to produce a fraudulent email, which will allow an IT team to track how many people click a link or reply to a suspicious email.

    As with a security assessment, insurers will want to know what measures are in place in educating those which are exposed to cyber crimes on a daily basis. Ensuring robust training and education is in place will benefit property owners in securing the best-priced cyber insurance policy.

You can watch our most recent webinar on Understanding cyber risks in the real estate sector here. (opens a new window)

If you would like to discuss what risks cyber crime may pose to your business and what options are available to you, please contact your Lockton representative or visit our Global Cyber and Technology page on our website. (opens a new window)