UK firms are 'sleepwalking' into smart building cyber threats
A new report from RICS warns the property sector is failing to address smart building cyber threats


The Royal Institution of Chartered Surveyors (RICS) has issued a stark warning to UK businesses over the rise of smart building cyber threats, urging them to bolster security capabilities.
In a new report published this week, the professional body highlighted the rapidly growing threats posed by the convergence of operational technology (OT) and IT systems in smart buildings, a domain it suggested the property sector has been slow to address.
Underpinning the alert, the latest RICS Facilities Management survey revealed that more than a quarter (27%) of respondents said their building had experienced a cyber attack in the last 12 months.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
This marks a sharp increase from 16% the previous year, demonstrating a rapidly accelerating threat landscape.
The paper, Digital risks in buildings, noted how integrating systems such as building management systems (BMS), HVAC, access controls, and IoT sensors with corporate IT networks created a vastly expanded attack surface.
OT infrastructure often lacks the security maturity of traditional IT, the institute added. For example, a commercial building opened as recently as 2013 could still be reliant on an unsupported operating system like Windows 7 for critical functions, leaving it vulnerable to known exploits.
Beyond direct operational disruption, such as holding a building’s HVAC or access systems to ransom, RICS analysed the wider business implications.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
These included the risk of invalidated insurance policies, which increasingly feature cyber attack exclusions, significant reputational damage, and the potential for a ‘digital discount’ to be applied to a property’s value due to poor digital hygiene.
How to tackle smart building cyber threats
Guidance outlined by the institute highlighted several action plans for building stakeholders, industry bodies, and government, urging them to adopt a holistic view of digital risk, from procurement and systems management to incident response.
“Buildings are no longer just bricks and mortar; they have evolved into smart, interconnected digital environments," said Paul Bagust, RICS head of Property Practice.
"While these technologies bring many benefits, they also create multiple risks which can be exploited. Failure to identify these growing digital challenges and incorporate security countermeasures risks businesses sleepwalking into cyber attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Microsoft layoffs set to hit 9,000 staff in biggest round of cuts since 2023
News The latest round of layoffs at the tech giant is expected to impact around 9,000 staff globally.
-
Trustwave acquisition positions LevelBlue as 'largest pure-play MSSP'
News LevelBlue's acquisition of Trustwave will create the world's largest managed security services provider.
-
5 Steps to Prioritize Based on Risk with Snyk
-
Beyond the Vulnerability Backlog: Building Risk-Based AppSec Programs
-
Why the Fastest Technology Companies choose Snyk Cheat Sheet
-
6 steps to a stronger security posture through automation
-
IT & Security: The Critical Alliance Against Cyber Threats
Whitepaper Actionable tips for creating a unified defense
-
Device Management Is a Losing Battle
Whitepaper Discover the winning strategy to regain control
-
Stronger Together: Why IT-Security Collaboration Drives Greater Security and Efficiency
Whitepaper Discover why unification is the key to scalable, consistent security
-
‘Insiders don’t need to break in’: A developer crippled company networks with malicious code and a ‘kill switch’ after being sacked – and experts warn it shows the huge danger of insider threats
News Security experts have warned ITPro over the risks of insider threats from disgruntled workers after a software developer deployed a 'kill switch' to sabotage his former employer’s networks.