Cyber breaches in the commercial real estate industry exist and are thriving, despite continued efforts to minimize the impact, according to Withum‘s Cyber and Information Security advisory group.
Withum suggested the CRE industry is one of the fastest-growing targets for cyber attacks.
“Commercial real estate has an over-abundance of the two things cybercriminals are after — information and money,” Joe Riccie, partner at Withum and market leader of the Cyber and Information Security Services Group, said. “In commercial real estate transactions, there is a lot at stake, which is why this industry and all those involved in it have become even more vulnerable to cybercrimes.”
In 2017, the FBI reported about $1 billion was stolen from buyers in real estate transactions and an uptick of 480 percent in inbound complaints.
“Criminals are focused on valuable company data, information about each of the parties involved (buyer, seller, tenants) and an entry pipeline into the financial institution/bank providing financing for the transactions,” Riccie said. “Once this information is accessed, hackers take it one step further to gain entry to personal account information that is then sold on the dark web or to other more sophisticated cyber criminals.”
Robert Egan, a partner with Archer Law, urged cyberattack victims to open up about a breach and involve all parties once it has been discovered.
“The potential breach must be investigated to ensure the hackers are out of your system,” Egan said. “From the onset, it is important to determine your legal obligations and remediate all vulnerabilities to minimize future risks.”
Tony Sardis, partner and president of Withum Insurance Advisors, said no industry is immune.
“Cybercrime takes on many different forms, from phishing scams and mobile device/computer hacking to inside threats posed by employees,” Sardis said.
Sardis also suggested real estate entities implement strategies and tools to combat cyber crimes and promote safe security.
Here were his suggestions:
- Acquire cyber insurance from a reputable company for all business activities;
- Require cyber insurance from subcontractors and vendors;
- Report any breaches to the insurance company immediately upon discovery.