The Royal Institution of Chartered Surveyors (RICS) has issued a stark warning to UK businesses over the rise of smart building cyber threats, urging them to bolster security capabilities.
In a new report published this week, the professional body highlighted the rapidly growing threats posed by the convergence of operational technology (OT) and IT systems in smart buildings, a domain it suggested the property sector has been slow to address.
Underpinning the alert, the latest RICS Facilities Management survey revealed that more than a quarter (27%) of respondents said their building had experienced a cyber attack in the last 12 months.
This marks a sharp increase from 16% the previous year, demonstrating a rapidly accelerating threat landscape.
The paper, Digital risks in buildings, noted how integrating systems such as building management systems (BMS), HVAC, access controls, and IoT sensors with corporate IT networks created a vastly expanded attack surface.
OT infrastructure often lacks the security maturity of traditional IT, the institute added. For example, a commercial building opened as recently as 2013 could still be reliant on an unsupported operating system like Windows 7 for critical functions, leaving it vulnerable to known exploits.
Beyond direct operational disruption, such as holding a building’s HVAC or access systems to ransom, RICS analysed the wider business implications.
These included the risk of invalidated insurance policies, which increasingly feature cyber attack exclusions, significant reputational damage, and the potential for a ‘digital discount’ to be applied to a property’s value due to poor digital hygiene.
How to tackle smart building cyber threats
Guidance outlined by the institute highlighted several action plans for building stakeholders, industry bodies, and government, urging them to adopt a holistic view of digital risk, from procurement and systems management to incident response.
“Buildings are no longer just bricks and mortar; they have evolved into smart, interconnected digital environments," said Paul Bagust, RICS head of Property Practice.
"While these technologies bring many benefits, they also create multiple risks which can be exploited. Failure to identify these growing digital challenges and incorporate security countermeasures risks businesses sleepwalking into cyber attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Microsoft layoffs set to hit 9,000 staff in biggest round of cuts since 2023News The latest round of layoffs at the tech giant is expected to impact around 9,000 staff globally.
-
Trustwave acquisition positions LevelBlue as 'largest pure-play MSSP'News LevelBlue's acquisition of Trustwave will create the world's largest managed security services provider.
-
5 Steps to Prioritize Based on Risk with Snyk -
Beyond the Vulnerability Backlog: Building Risk-Based AppSec Programs -
Why the Fastest Technology Companies choose Snyk Cheat Sheet -
6 steps to a stronger security posture through automation -
IT & Security: The Critical Alliance Against Cyber ThreatsWhitepaper Actionable tips for creating a unified defense
-
Device Management Is a Losing BattleWhitepaper Discover the winning strategy to regain control
-
Stronger Together: Why IT-Security Collaboration Drives Greater Security and EfficiencyWhitepaper Discover why unification is the key to scalable, consistent security
-
‘Insiders don’t need to break in’: A developer crippled company networks with malicious code and a ‘kill switch’ after being sacked – and experts warn it shows the huge danger of insider threatsNews Security experts have warned ITPro over the risks of insider threats from disgruntled workers after a software developer deployed a 'kill switch' to sabotage his former employer’s networks.
