New York City’s commercial real estate (CRE) market is a thriving giant. With a growing number of “smart buildings” and an ever-increasing reliance on technology, the industry is experiencing a digital transformation. However, this progress comes hand-in-hand with a growing need for robust security and cybersecurity measures.
Recent studies show a significant rise in smart building adoption within NYC’s CRE landscape. According to a 2023 report by Dodge Data & Analytics, smart building construction in the city is projected to grow by 15% annually over the next five years. These buildings integrate Internet of Things (IoT) devices to manage everything from energy consumption to access control and tenant amenities. While offering convenience and efficiency, these interconnected systems also create vulnerabilities that cybercriminals can exploit.
The Expanding Threat Landscape
A 2024 report by Cybersecurity Ventures, a global researcher and publisher on cyber economy, predicts worldwide cybercrime damages to hit a staggering $10.5 trillion by 2025. The CRE sector is no exception, facing a wider range of threats than ever before. Data breaches exposing tenant information and financial records remain a major concern. However, the potential consequences of a successful cyberattack can be even more disruptive. Ransomware attacks crippling building operations can leave tenants without essential services like climate control or elevators, causing significant business interruptions and reputational damage.
Even more concerning is the potential manipulation of environmental controls. Hackers gaining access to a building’s HVAC system could create uncomfortable or even dangerous working conditions. The integration of smart locks and access control systems also raises concerns about unauthorized physical entry into buildings or restricted areas.
In 2022, New York had the fourth highest number of cybercrime victims in the nation, falling to cyberattacks such as:
- Phishing, the most common type of cyberattack, which involves fraudulent emails, text messages and phone calls that appear to come from a legitimate source requesting sensitive information, like login credentials or financial details;
- Malware attacks that use malicious software to gain unauthorized access, destroy or steal sensitive information and potentially control operating systems;
- Ransomware attacks which are a type of malware attack involving software that encrypts the target’s system and data, preventing them from accessing it; and
- Supply chain attacks that insert malicious software or tampered hardware into the assets of suppliers, contractors and service providers.
New York City Takes Action
Recognizing these threats, New York City is taking steps to bolster cybersecurity within its critical infrastructure. The Office of the State Comptroller (OSC) released a 2023 report about Cyberattacks on New York’s Critical Infrastructure, outlining a statewide cybersecurity strategy. This strategy emphasizes collaboration between public and private entities, including the CRE sector.
OSC reported that cybercrime incidents in NYC grew by 53 percent between 2016 and 2022, with losses growing from $106.2 million to more than $775 million. It also noted that as compared to other states, New York had the third highest number of ransomware attacks (135) and corporate data breaches (238) in 2022, trailing only California and Texas for ransomware attacks and California and Florida for corporate data breaches.
For the data collected in 2022, the top five sectors hit with malware attacks were:
- Healthcare/Public Health (210 attacks)
- Critical Manufacturing (157 attacks)
- Government Facilities (115 attacks)
- Information Technology (107 attacks)
- Financial Services (88 attacks)
Recognizing the critical role of infrastructure today, New York prioritizes understanding each sector’s vulnerabilities to cyberattacks. Analyzing the significance, functions, and associated risks of each sector is crucial for building cyber resilience and developing effective response plans. Continuous investment, collaboration, and vigilance are necessary to safeguard this infrastructure from cyber threats.
CRE Brokers as Protectors: Proactive Measures for a Secure Future
For New York City’s CRE brokers, navigating this evolving landscape requires a proactive approach. Here are some key steps they can take to ensure the security of the buildings they manage and the trust of their tenants:
- Partner with cybersecurity experts: Going beyond traditional security measures, brokers can collaborate with cybersecurity professionals to conduct thorough vulnerability assessments of the buildings they manage. These assessments can identify weaknesses in IoT networks, access control systems, and data storage protocols. Based on the findings, security experts can then recommend appropriate security measures to mitigate these risks.
- Prioritize data security: Data encryption is no longer optional. Brokers should ensure that all tenant data, from lease agreements to financial information, is encrypted both at rest and in transit. Additionally, implementing multi-factor authentication and educating tenants on best practices for protecting their information can further strengthen data security.
- Stay informed: The cybersecurity landscape is constantly evolving. Regularly attending industry events and workshops can help brokers stay updated on the latest threats and mitigation strategies. Participating in industry associations focused on cybersecurity in CRE can also provide valuable resources and networking opportunities.
As New York State Governor Kathy Hochul cited in the first cybersecurity strategy published in 2023, the resilience against digital threats will require continued teamwork and coordination across government agencies and the private sector. Indeed, the secure functioning of economy and critical services depends on our ability to protect digital infrastructure and sensitive information.
By prioritizing security and cybersecurity, New York City’s CRE sector can ensure the continued success of its smart buildings and maintain a competitive edge. Through collaboration, awareness, and proactive measures, brokers can navigate the digital age with confidence, attracting and retaining tenants who value a secure and technologically advanced workspace. This commitment to security will not only safeguard valuable assets and data but also foster a climate of trust within the industry.