With the digitalisation of the real estate industry and the increase in connected smart homes and smart buildings, the importance of cyber security is also growing in this sector. Although connected, intelligent buildings offer residents and users many advantages, they also harbour the risk of falling victim to cybercrime.
Cyberattacks in the real estate sector on the rise
The dynamics of this threat have long been underestimated, as the industry has traditionally focussed more on physical security measures. However, the fact that the real estate industry is also increasingly affected by cyberattacks underlines the need for this sector to address the issues of cyber risks and cybersecurity comprehensively.
Smart building technologies in more and more buildings
In the property industry, a large number of technologies from a wide range of manufacturers are increasingly being used both in the companies themselves and in the properties. These include ERP systems and other often networked IT systems and applications as well as technical installations in buildings that have web-based access and are therefore relevant in terms of cyber security. Examples include solutions for consumption measurement (smart metering), photovoltaic systems, remote access for heating control or sensor technology for predictive maintenance.
Awareness of cyber security in the real estate industry
How aware is the real estate industry of the cyber risks associated with the use of more and more technological solutions and advancing digitalisation? Where does the property industry see itself on this topic and is it even considered relevant?
We investigated these questions for our white paper "Cyber security in the property industry". We developed and tested the underlying online survey together with the German Property Federation (ZIA) and selected companies from the property industry. More than 100 participants from all management and specialist levels of the property industry completed the questionnaire, 85 per cent of whom are employees in management and executive positions.
Marco Müth
Partner, Financial Services, Head of Real Estate
KPMG AG Wirtschaftsprüfungsgesellschaft
Robert Betz
Partner Asset Management, Real Estate
KPMG AG Wirtschaftsprüfungsgesellschaft
Comprehensive picture of cyber security
The participating companies represent both the players in the property sector (e.g. fund and asset management, housing companies, investors and project development) and the property usage classes (such as residential, retail, office, hospitality, industry, social).
With the support of the entire industry, we were thus able to create an overarching picture of the topic of cyber security and answer key questions. The study is intended to help create transparency on the topic and provide insights into the current handling of cyber security in the property industry. These insights also serve as a basis for action for future strategies and measures.
Central results
We have categorised the findings from the survey into three fields of action: "Company", "Real estate" and "Employees". Here is an abridged overview:
1. company field of action:
- The larger the company, the more likely it is that a cyber attack will occur.
- Companies that rate the relevance of cyber security particularly highly are nevertheless less likely to take proactive measures to improve it.
- 51 per cent of the participating companies have already established a cyber security strategy within the company, while 33 per cent are in the strategy implementation phase.
2nd field of action: real estate:
- Smart building technologies play a role for 89 per cent of respondents and 69 per cent have at least one smart building technology installed in their properties that needs to be protected.
- Almost 80 per cent of companies do not have a company-wide strategy for protecting building technology against cyberattacks.
3. field of action: employees:
- Non-managerial employees rate their knowledge of cyber security lower than managers do.
- In most companies, only one employee deals with cyber security issues. Over 70 per cent commission external service providers.
- 79 per cent of the participating companies conduct training for employees on cyber security based on a training plan.