Broker's Playbook - Good For Real Estate



Cybersecurity in the real estate industry: are you prepared?

Table of Contents

With the world of business moving deeper every day into the digital realm, cybersecurity is more important for businesses now than ever. This is especially true for real estate organizations that can possess large amounts of sensitive data for both employees and clients. Cyberattacks can be debilitating for companies and lead to loss of data, time, and potentially a lot of money. Are you prepared to defend against cyber threats in the modern world?

We spoke with Patrick Bourk, National Cyber Practice Leader at HUB International in Canada. Bourk is an insurance expert who specializes in cyber liability insurance. In addition, he serves as an advisor, speaker, and instructor on the topic. 

The threat of cybersecurity may seem like something out of a Hollywood movie, but in reality, it is an ever-present concern for all businesses in Canada. And, Bourk warns, threats are now on the rise.

“There's no question that cyberattacks have been on the rise. We've been seeing it for quite some time. There are a lot of attacks that make the headlines that people will hear about, but to be honest, the more challenging ones are the ones that you don't read about,” said Bourk. “Large organizations quite frankly have the balance sheet to be able to deal with some sort of a cybersecurity incident, whether it's the cost of restoring their systems, restoring their data from backups, or heaven forbid, having to make a ransomware payment to threat actors.”

“But it's some of the smaller organizations such as smaller real estate brokers or real estate agencies who are holding on to sensitive information. If that's somehow compromised, the cost of restoring everything that could be really devastating.”

Though real estate organizations are at risk, Bourk says that cyber-attacks “have an impact on all sorts of different industries. The cyber threat actors are quite frankly, agnostic. They don't necessarily care about who you are. The whole game is to get in, to disrupt, to make your life miserable and then monetize from it.”

The exact sources of cyber threats are intentionally hard to place. In general, they are not commonly coming from domestic sources. Rather, they tend to be coming from distant countries that may be more willing to turn a blind eye to malicious cyber attacks. Some noted sources include Iran, North Korea, and Russia. The latter especially so, as the invasion of Ukraine continues to rage, experts are now warning of the potential for retaliatory cyber-attacks on western nations. Whether or not threat actors are state-sponsored is not necessarily clear, however, the damage done is impactful either way.

In terms of what a cyber-attack can look like, a very common technique is known as ransomware. Bourk describes how invaders can compromise security systems, laying low until they are able to strike. Data can be stolen, computers can be locked out, or networks can be disabled, and the threat actors will offer to restore them – for a price. 

“Once they've managed to get in, they slam the door as they're leaving and drop some sort of encryption that will lock everything up within the system. It's then that the clients will receive this wonderful notice: “Hey, we've accessed your system. We've locked everything down and you're not going to be able to get access to it unless you pay some sort of a ransom”

“I think the average ransomware payout is a couple hundred thousand dollars, but we see incidents where it's a lot bigger than that. We've had clients deal with multimillion-dollar ransomware attacks, for which they have to make the tough decision to pay or not.&rdquo

In his years of experience, Bourk has worked with clients across many industries. According to him, while some are prepared to face cyber threats, others have more work to do.

“Certainly the type and amount of data that real estate organizations can be holding on to is significant. I think it puts them into a category of heightened concern,” said Bourk. “The bottom line is, some organizations are prepared, but I'd say more than most are probably not as prepared. I think organizations are realizing that they've really got to invest in their network protections”

Overall, in the world of cybersecurity, there is no such thing as perfect security. Security experts and malicious actors alike are constantly in a race to stay one step ahead of one another.

Real estate companies must take a proactive effort to protect themselves and their clients. Measures can include hiring or working with security professionals, training staff and developing company procedures, and investing in a cyber insurance policy.

The need for cyber security is increasingly important as many companies have moved to a much more remote style of working. In the transition, many systems may have been set up hastily and the cracks in security can leave organizations vulnerable.

In a world where technology touches every aspect of our daily lives, cyber threats are a new reality that is here to stay. Any business, especially those that work with sensitive data, should feel obligated to instate meaningful cybersecurity measures sooner rather than later for their own and their clients' protection.