UK firms are 'sleepwalking' into smart building cyber threats
A new report from RICS warns the property sector is failing to address smart building cyber threats
The Royal Institution of Chartered Surveyors (RICS) has issued a stark warning to UK businesses over the rise of smart building cyber threats, urging them to bolster security capabilities.
In a new report published this week, the professional body highlighted the rapidly growing threats posed by the convergence of operational technology (OT) and IT systems in smart buildings, a domain it suggested the property sector has been slow to address.
Underpinning the alert, the latest RICS Facilities Management survey revealed that more than a quarter (27%) of respondents said their building had experienced a cyber attack in the last 12 months.
This marks a sharp increase from 16% the previous year, demonstrating a rapidly accelerating threat landscape.
The paper, Digital risks in buildings, noted how integrating systems such as building management systems (BMS), HVAC, access controls, and IoT sensors with corporate IT networks created a vastly expanded attack surface.
OT infrastructure often lacks the security maturity of traditional IT, the institute added. For example, a commercial building opened as recently as 2013 could still be reliant on an unsupported operating system like Windows 7 for critical functions, leaving it vulnerable to known exploits.
Beyond direct operational disruption, such as holding a building’s HVAC or access systems to ransom, RICS analysed the wider business implications.
These included the risk of invalidated insurance policies, which increasingly feature cyber attack exclusions, significant reputational damage, and the potential for a ‘digital discount’ to be applied to a property’s value due to poor digital hygiene.
How to tackle smart building cyber threats
Guidance outlined by the institute highlighted several action plans for building stakeholders, industry bodies, and government, urging them to adopt a holistic view of digital risk, from procurement and systems management to incident response.
“Buildings are no longer just bricks and mortar; they have evolved into smart, interconnected digital environments," said Paul Bagust, RICS head of Property Practice.
"While these technologies bring many benefits, they also create multiple risks which can be exploited. Failure to identify these growing digital challenges and incorporate security countermeasures risks businesses sleepwalking into cyber attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
How the rise of the AI ‘agent boss’ is reshaping accountability in ITIn-depth As IT companies deploy more autonomous AI tools and agents, the task of managing them is becoming more concentrated and throwing role responsibilities into doubt
-
Hackers are pouncing on enterprise weak spots as AI expands attack surfacesNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technology
News Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
