Skip to main content
Marsh logo

Newsletter

Cyber threats within the real estate sector

Discover rising cyber threats in the real estate sector. Learn about key risks, including ransomware and data breaches, and how to safeguard your business.

07/10/2024 · 4 minute read

The real estate sector is experiencing an increase in cyber-attacks, with a significant rise in business and employee email-account compromise attacks — resulting in a substantial increase in reported monetary loss across the industry. Subsequently, the real estate industry recognises that cybersecurity and data protection are crucial for building and protecting enterprise value.

Cyber evolution within the real estate sector

The real estate sector, which has been traditionally slow in embracing technology, is currently undergoing a digital revolution ­— with the COVID-19 pandemic accelerating the adoption of newer forms of technology. The industry is now leveraging collaboration tools, virtual open houses, and digital payment systems to enhance efficiency, improve customer experience, and mitigate cyber risks.

The shift toward embracing technology is leading to a digital transformation within the real estate sector. However, as the real estate sector embraces new technologies and digitalisation, it also encounters greater cyber risks that require sufficient and appropriate mitigation. Expertly managing information and implementing robust cybersecurity measures is crucial for safeguarding sensitive data and maintaining trust among clients and stakeholders.

Notable cyber risks

The real estate sector faces several key, industry-specific cyber risks, including:

  • Data breaches - Real estate companies handle vast amounts of sensitive data, including personal and financial information of clients and tenants. A data breach can result in significant reputational damage, financial losses, and legal consequences. Cybercriminals may specifically target real estate firms to gain access to large volumes of valuable data.
  • Ransomware attacks - Typically, ransomware attacks involve cybercriminals encrypting a company's data and demanding a ransom for its release. Real estate companies may be targeted due to their business operations’ reliance on critical data and systems, such as property management software or financial records. A successful ransomware attack can disrupt operations and lead to financial losses.
  • Phishing, social engineering, and business email compromise (BEC) - Real estate professionals often communicate with clients, tenants, and partners via email — making them susceptible to phishing, social engineering, and BEC attacks. Cybercriminals may impersonate legitimate parties involved in a transaction — such as buyers, sellers, or agents — and attempt to deceive individuals into revealing sensitive information or transferring funds to fraudulent accounts. As real estate transactions often involve large sums of money, the industry is an attractive target for cybercriminals looking to conduct these forms of attacks via telephone calls and text messages or distribution of malicious email attachments.
  • Third-party risks - Real estate companies often collaborate with various third-party vendors, contractors, and service providers, who may have weaker or incomplete cyber controls. These relationships can introduce additional cyber risks, as cybercriminals may exploit vulnerabilities in the systems or networks of third parties to gain unauthorised access to the real estate company's data.
  • Internet of Things (IoT) vulnerabilities - The increasing use of IoT devices in real estate — such as smart locks, security cameras, and building automation systems — can create new vulnerabilities for cyber-attacks. Inadequate security measures in these devices can be exploited by hackers to gain unauthorised access to the property's systems or compromise privacy.

Market dynamics

The London cyber insurance market is experiencing significant developments, with a focus on managing major cyber events and improving exposure management. In the first quarter of 2024, the London cyber insurance market experienced continued rate reductions — seeing double-digit decreases for a second consecutive quarter. Additionally, 24% of clients increased their overall limits, indicating increased competition in the primary space as insurers aim for significant growth targets.

The threat environment for 2024 remains consistent with 2023, with a rise in ransomware attacks and supply chain incidents — particularly in the US. However, improved competition from insurers and significant new carrier capacity, is providing clients with more options and improved risk management services.

Next steps

Overall, the real estate sector is not immune to the evolving cyber threats seen in the London cyber market. While cyber insurance market pricing has been reducing in the past 12 months, incidents and cyber threat activity against insureds does remain high. The industry must prioritise cybersecurity to safeguard sensitive information, maintain trust among clients and stakeholders, and mitigate financial and reputational risks associated with cyber-attacks.

It is crucial that real estate companies implement robust cybersecurity measures. These can include, employee training, network security protocols, data encryption, and regular vulnerability assessments — strategies can help mitigate cyber threats and protect sensitive information.

For further discussion on your real estate business prepares for a cyberattack, reach out to a Marsh adviser.

Contact us

Meet our authors

Samuel Scott

Samuel Scott

UK Retail Broker, Cyber, Media & Technology Practice, Marsh Specialty

  • United Kingdom

Related insights

Placeholder Image

Strata insurance market update 2024: Australia

30/07/2024
Placeholder Image

Event

Meet the Marsh Real Estate, Construction and Private Equity teams at MIPIM 2024

30/01/2024
Low Angle View Of Modern Buildings In City Against Clear Sky

Podcast

Risk in Context Podcast: Adapting real estate to fit the cities of the future

28/11/2023
Chicago, Illinois, USA downtown skyline from Lincoln Park at twilight.

2023 Global Real Estate & Hospitality Conference

28/11/2023
View more