UK firms are 'sleepwalking' into smart building cyber threats

Smart city concept image showing futuristic, digitized city skyline with skyscrapers illuminated by lights.

(Image credit: Getty Images)

published 2 July 2025

The Royal Institution of Chartered Surveyors (RICS) has issued a stark warning to UK businesses over the rise of smart building cyber threats, urging them to bolster security capabilities.

In a new report published this week, the professional body highlighted the rapidly growing threats posed by the convergence of operational technology (OT) and IT systems in smart buildings, a domain it suggested the property sector has been slow to address.

Underpinning the alert, the latest RICS Facilities Management survey revealed that more than a quarter (27%) of respondents said their building had experienced a cyber attack in the last 12 months.

This marks a sharp increase from 16% the previous year, demonstrating a rapidly accelerating threat landscape.

The paper, Digital risks in buildings, noted how integrating systems such as building management systems (BMS), HVAC, access controls, and IoT sensors with corporate IT networks created a vastly expanded attack surface.

OT infrastructure often lacks the security maturity of traditional IT, the institute added. For example, a commercial building opened as recently as 2013 could still be reliant on an unsupported operating system like Windows 7 for critical functions, leaving it vulnerable to known exploits.

Beyond direct operational disruption, such as holding a building’s HVAC or access systems to ransom, RICS analysed the wider business implications.

These included the risk of invalidated insurance policies, which increasingly feature cyber attack exclusions, significant reputational damage, and the potential for a ‘digital discount’ to be applied to a property’s value due to poor digital hygiene.

How to tackle smart building cyber threats

Guidance outlined by the institute highlighted several action plans for building stakeholders, industry bodies, and government, urging them to adopt a holistic view of digital risk, from procurement and systems management to incident response.

“Buildings are no longer just bricks and mortar; they have evolved into smart, interconnected digital environments," said Paul Bagust, RICS head of Property Practice.

"While these technologies bring many benefits, they also create multiple risks which can be exploited. Failure to identify these growing digital challenges and incorporate security countermeasures risks businesses sleepwalking into cyber attacks.”

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.