Understanding cyber risks in real estate

Frank Magliocco National Leader for Private Clients, PwC Canada May 12, 2021

While the real estate industry has self-admittedly been slow to embrace technology, this is changing quickly. Our Emerging Trends in Real Estate 2021 report found the pandemic has forced the industry to embrace technology solutions, from collaboration tools and virtual open houses to digital payments and property technology (proptech) to ensure business continuity.

Protecting data in a virtual world

Proptech tools, smart buildings and other technologies have significant benefits, but they also create new risks and vulnerabilities. Prior to the pandemic, many real estate companies lacked a comprehensive information technology strategy and weren’t using the full capabilities of the tools they did have in place. With the expanded use of existing tools and accelerated adoption of new ones, they’re now facing additional gaps in security.

Real estate companies should consider how they’re going to protect their organizations in an increasingly virtual world. Our 24th CEO Survey found cybersecurity was the top concern of Canadian CEOs—even more so than the pandemic itself—with 47% of respondents saying they’re extremely concerned about cyber threats. To support this, 69% of Canadian CEOs plan to increase their long-term investments in cybersecurity and data privacy over the next three years.

How to approach cybersecurity

As real estate organizations continue to digitize their businesses, cybersecurity needs to be part of their risk management. To effectively prepare for and respond to cybersecurity threats, real estate companies should think about the following measures and best practices:

  1. Understand your risks: Conduct an assessment to see where you’re at and where any security gaps exist. From there, you can develop a road map. This road map should be practical, adapted to your business and focused on areas where you’ll get the best bang for your buck. You can start small and grow from there.
  2. Start prioritizing: Once you understand your risks, you can better understand which ones to prioritize. There are a number of cybersecurity frameworks that provide guidelines and best practices, such as the NIST Cyber Security Framework and CIS Critical Security Controls. The framework you adopt should be based on the maturity of your cyber program.
  3. Do your due diligence: Perform adequate due diligence before introducing any new technologies. This could include performing a risk assessment, architecture review or penetration test. If you’re working with cloud providers or managed service providers, make sure you have a way to evaluate the ongoing security posture of those providers.
  4. Monitor risk exposure: Define and implement clear processes for monitoring your overall risk exposure on an ongoing basis. For example, third-party risk exposure changes over time.
  5. Monitor malicious activity: Monitor your technology environment for signs of malicious activity at all times.
  6. Ensure business continuity: Prepare a robust incident response and crisis management plan so if something does go wrong, you’re prepared. For example, your team should know what steps to follow if there’s a ransomware attack.

Next steps

Besides these measures, it’s important for real estate companies to focus on ensuring sufficient resources to address cybersecurity. At the same time, cybersecurity should be everyone’s responsibility, so it’s important to take an integrated approach by uniting your lines of defence. If your organization doesn’t have in-house resources, you can still prioritize cybersecurity by working with a managed service provider to fill in the gaps. Our Digital Trust Survey found that 94% of Canadian respondents use or plan to use managed services to future-proof their security team.

As you focus on your cybersecurity strategy, remember that you can start small by prioritizing high-value activities and building from there. By starting the journey now, you’ll be ready to handle the new risks and threats emerging today and those to come in the future.

Cybersecurity, privacy and financial crime

Use data with confidence

Innovate and transform securely to create new value for society in a digital, data-driven world.
Learn more

Contact us

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Frank Magliocco

Frank Magliocco

National Leader for Private Clients, PwC Canada

Tel: +1 416 930 6514

Follow PwC Canada