Cybersecurity is not yet regarded as a key issue for the real estate industry but, according to a cybersecurity report by professional services firm Ernst & Young, opinions are rapidly changing.
The report noted that agencies hold “significant amounts of confidential third-party information”, which is just the sort of information cybercriminals target.
It also said that businesses in general have experienced “an unforeseen level of data breach incidents” during the past decade, with criminals stealing customers’ identities and bank account details.
Agencies that are involved in data breaches could potentially be liable to a class action lawsuit, according to the report.
“Having measures in place for the maintenance and destruction of confidential records will ensure that such data is only held for as long as justifiably required, to safeguard against possible identify theft and ensure compliance with data protection and privacy laws,” it said.
“The confidential data stored across multiple online and mobile devices must all be protected and/or adequately disposed of. This can be achieved with software that automatically wipes information from hard drives and prevents restoration of material that has been deleted.”
Agencies don’t only need to worry about having their systems hacked. Breaches could also occur if agents lose laptops or criminals target the outsourcing businesses used by agencies.
Ernst & Young advised agencies to place contractual responsibility on these service providers, for example by requiring them to report breaches.
The report said that while awareness of cybercrime is increasing, there is less understanding of the costs associated with data breaches.
This can include paying fines, hiring forensic investigators, notifying affected clients and shutting down the company’s systems, according to the report.
“Combined, these liabilities and costs can escalate into millions, damaging the balance sheets of larger real estate firms and crippling smaller businesses,” it said.
Ernst & Young said that while the issue of cybersecurity poses a “very clear and present risk”, it also provides an opportunity.
Agencies that invest in improving their cybersecurity could find that they simultaneously improve other parts of their IT operations, the report said.