Real estate investment trusts (REITs) often overlook the cybersecurity of their portfolio. This negligence towards security isn't deliberate in most cases; many don’t realize the vulnerabilities rampant in the newly IP-based technologies used to operate their buildings. These new IP-based technologies make the cybersecurity front much more vital to solvency. REITs have to pay attention and start to take extensive measures to secure these operational technologies.
There are a multitude of angles cyber attacks come from including ransomware, phishing, viruses, etc. Through these means of attack, threats typically look for weaknesses in unpatched technologies and 3rd party vendors. Insecure tenants may be exposed, but REITs are still liable in the case of an attack for all other tenants and their constituent consumers that were breached. Weaknesses within systems are exposed in the realm of the Internet of Things (IoT) ranging from heating and air ventilation systems (HVAC) to on-site security systems.
A breach within a REIT's system can lead to immediate or permanent denial of services to the networks, and in the worst cases customers' and organizational information compromised.
Inattention to these aspects can cause significant damages to revenue producing aspects of the REIT. The attack might influence a tenant to leave and take its business elsewhere. A leaving tenant also entails a necessary rebound by attempting to find another tenant to occupy empty space. Another twist is the breaching of a tenant's data is unequivocally bad for consumer trust and could permanently damage the reputation of the REIT. This hit in sales could eventually come back to hurt smaller REITs with limited occupying tenants contributing rent. Distrust between tenants and a landlord will eventually permeate the market and a landlord might never be able to regain a solid reputation after a sizable attack.
Because REITs as landlords are liable when situations like this occur they are also liable in court. It is imperative when dealing with security breaches to abide by the up-to-date laws without fail. Resulting to do otherwise can result in fines by authorities or law-suits. Fines can be placed due to neglecting compliance and class-action suits by disgruntled consumers with compromised personal information.
The inability to secure the cyber-front for a REIT can cause millions in remediation. Double backing on security will not spare any organization time or capital considering vendors or IT might need radical refurbishment or all-together disbandment. Remediation costs for REITs typically exceed $7 million per case and amounted to $51 million across the industry last year.
For a REIT, losing investor confidence due to cybersecurity issues is becoming more of a reality as the rate of cybercrime increases 10% annually and the IoT in real-estate properties increases. Compliance is forcing commercial organizations such as REITs to reconsider whether their security is competent enough. For example, the EU General Data Protection Regulation (GDPR), applying to virtually all international organizations, dictates a security breach be reported within 72 hours of discovery. Among other regulations, REITs are responsible for setting industry standard security measures that demand thorough risk assessment at the very least. Unwillingness to resolve a security threat might cripple a REIT in a massive security threat.
Domain5 is committed to providing support to REITs of all industries and sizes at an effective return on cybersecurity investment (ROIC). This support includes a part-time chief information security officer that is flexible to any small business demand large or small. Our support extends to risk assessment of current networks, information security, and compliance advise. Domain5 indivisibly recognizes the absolute necessity of maintaining cybersecurity awareness while simultaneously compensating for effective allocation of resources in any financial situation.