New cyber risks and liabilities for property owners in 2017

31 January 2017

A new generation of building management systems and the Internet of Things are leading to ever smarter buildings, creating new cyber risks and liabilities for property owners.

Intelligent property

This year is likely to see growing interest in cyber exposures for the real estate sector, as buildings increasingly incorporate more sophisticated digital technology.

Technology is helping make commercial and residential buildings more efficient and user friendly. Smart buildings are also on the rise with the Internet of Things - there will be an estimated 11.4 billion connected devices in use by 2018, almost double 2016, according to IT research firm Gartner. 

Investment in smart buildings is growing at a pace - the smart building market is expected to reach USD 24.73 billion by 2021, up from USD 5.73 billion in 2016. Some 20% of the UK’s commercial buildings are already considered to be ‘smart’.

Sensors and connected devices are now routinely being fitted to new buildings to monitor temperature, light, motion and humidity. While more advanced smart technologies allow occupants to interact and control their environment.

The Edge office block in Amsterdam, widely regarded as the world’s smartest building, uses some 28,000 sensors and an app to allow occupants to control their environment, arrange workspaces and even order coffee from their smartphones. 

Cyber vulnerabilities 

Despite the benefits, smart buildings are known to be vulnerable to cyber-attack. 

Penetration testing carried out by IBM last year enabled them to gain access to a building management system. Such vulnerabilities in cyber defences would give hackers access to all the company’s buildings, including environmental controls for a data centre. 

Building management systems can also act as a springboard for attackers to access a company’s wider IT systems– the massive data breach against US retailer Target was linked to its air conditioning system contractor. In October 2016, hackers used 100,000 connected devices, including webcams, to launch a distributed denial of service (DDoS) attack against internet infrastructure provider Dyn.

Emerging risk

Cyber security is struggling to keep pace with technology, and smart buildings are no exception. A recent survey by the Electrical Contractors' Association (ECA) and Scottish electrical trade body SELECT found that some four in ten smart buildings in the UK do not currently take any steps to counter cyber threats.

Property owners will need to weigh up the benefits of smart technology against the potential exposures.

Incidents of cyber attacks against building management systems are rarely made public. But we are aware of incidents in the real estate sector, including a property made temporarily uninhabitable after hackers took control of environmental systems. 

Options and advice

Should a cyber attack result in property damage, bodily injury or the theft of personal data, property owners could face significant liabilities, financial loss and reputational damage. 

In the first instance, owners will want to identify the cyber scenarios that may result in losses. A specialist broker can help flesh out such scenarios and identify which can be effectively transferred through insurance.

Traditional insurance is largely silent on cyber triggered loss, and so can be assumed to provide some limited cover, although there are signs that the real estate insurance market, like others, will increasingly restrict or exclude cyber liability cover in 2017.

Competitive pressures could see some real estate insurers develop appropriate cyber coverage in coming years. But broad cover is already available in the standalone cyber insurance market. Such cover can also provide up-front risk consulting, as well as access to post event crisis management, IT security and legal support.

For further information, please contact Nigel Todd, Head of European Real Estate on +44 (0)20 7558 3549 or email


contact Nigel Todd
Head of European Real Estate