Cybersecurity and Data Privacy in CRE: 10 Steps to Manage and Mitigate Risk

Commercial real estate data

Cybersecurity and data privacy have not traditionally been high on the list of concerns for commercial real estate firms. Key developments in CRE, advances in technology, and a continuing proliferation of cyber threats, however, are changing that. Data breaches like those experienced by Essex Property Trust and Fidelity National Financial confirm that the CRE sector is not immune from the dangers posed by cyber criminals seeking to steal personally identifiable information (“PII”). And as CRE firms increase their use of internet-connected technologies in building systems, they must contend with “cyber-physical” risk – risk of property damage or bodily injury that is created by cybersecurity threats to those building systems.
These risks can lead to potentially enormous legal and financial exposure for CRE firms: according to the 2016 version of an oft-quoted annual study conducted by the Ponemon Institute LLC and sponsored by IBM, the average total cost of a data breach for companies in the United States is currently $7.01 million. That total cost can include investigation and remediation costs, legal expenditures and regulatory fines, among others.
Total elimination of this legal and financial exposure arising from cybersecurity and data privacy risk is impossible. But by taking proactive steps to identify, mitigate and manage its cybersecurity and privacy risk, an organization can substantially reduce both the likelihood and impact of cybersecurity and data privacy incidents. This two-part series will describe 10 concrete actions any CRE organization can take to better position itself to weather the next cybersecurity storm.

Read entire article in the NAIOP blog.

Find out more about commercial real estate financing by visiting us here at Liberty Realty Capital Group.