UK firms are 'sleepwalking' into smart building cyber threats
A new report from RICS warns the property sector is failing to address smart building cyber threats


The Royal Institution of Chartered Surveyors (RICS) has issued a stark warning to UK businesses over the rise of smart building cyber threats, urging them to bolster security capabilities.
In a new report published this week, the professional body highlighted the rapidly growing threats posed by the convergence of operational technology (OT) and IT systems in smart buildings, a domain it suggested the property sector has been slow to address.
Underpinning the alert, the latest RICS Facilities Management survey revealed that more than a quarter (27%) of respondents said their building had experienced a cyber attack in the last 12 months.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
This marks a sharp increase from 16% the previous year, demonstrating a rapidly accelerating threat landscape.
The paper, Digital risks in buildings, noted how integrating systems such as building management systems (BMS), HVAC, access controls, and IoT sensors with corporate IT networks created a vastly expanded attack surface.
OT infrastructure often lacks the security maturity of traditional IT, the institute added. For example, a commercial building opened as recently as 2013 could still be reliant on an unsupported operating system like Windows 7 for critical functions, leaving it vulnerable to known exploits.
Beyond direct operational disruption, such as holding a building’s HVAC or access systems to ransom, RICS analysed the wider business implications.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
These included the risk of invalidated insurance policies, which increasingly feature cyber attack exclusions, significant reputational damage, and the potential for a ‘digital discount’ to be applied to a property’s value due to poor digital hygiene.
How to tackle smart building cyber threats
Guidance outlined by the institute highlighted several action plans for building stakeholders, industry bodies, and government, urging them to adopt a holistic view of digital risk, from procurement and systems management to incident response.
“Buildings are no longer just bricks and mortar; they have evolved into smart, interconnected digital environments," said Paul Bagust, RICS head of Property Practice.
"While these technologies bring many benefits, they also create multiple risks which can be exploited. Failure to identify these growing digital challenges and incorporate security countermeasures risks businesses sleepwalking into cyber attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Gestion du cloud avancée : Qu'est-ce que StreamOne® et comment la plateforme peut-elle représenter un avantage pour votre entreprise, aujourd'hui et dans le futur?
Sponsored Ne vous contentez pas d'acheter le cloud, maîtrisez-le. La plateforme StreamOne® de TD SYNNEX offre une puissante approche écosystème de la gestion avancée du cloud, dépassant largement les limites d'une marketplace classique...
-
Malware as a service explained
Explainer What is malware as a service (MaaS), why is it so popular with adversaries, and what can businesses do to protect themselves from this growing threat?
-
Developers face a torrent of malware threats as malicious open source packages surge 188%
News Researchers have identified more than 16,000 malicious open source packages across popular ecosystems
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Using WinRAR? Update now to avoid falling victim to this file path flaw
News WinRAR users have been urged to update after a patch was issued for a serious vulnerability.
-
A major ransomware hosting provider just got hit US with sanctions
News Aeza Group's services were being used for ransomware, infostealers, and disinformation
-
Hackers are using PDFs to impersonate big brands like Microsoft and PayPal in a new threat campaign
News Hackers are increasingly using PDF attachments to impersonate major brands in phishing campaigns, according to new research from Cisco Talos.
-
5 Steps to Prioritize Based on Risk with Snyk
-
Beyond the Vulnerability Backlog: Building Risk-Based AppSec Programs
-
Why the Fastest Technology Companies choose Snyk Cheat Sheet