realestatebusiness logo

Breaking news and updates daily. Subscribe to our Newsletter!

Home of the REB Top 100 Agents
Breaking news and updates daily. Subscribe to our newsletter

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Difficulties ahead for real estate and cyber security

By Blake Deakin
25 October 2017 | 1 minute read

For years, the real estate industry has been on the receiving end of regular email fraud, ransomware and other assorted malicious attacks — but why target a real estate business?

Giving out personally identifiable information such as work experience, date of birth, past rental locations, phone number and email address during an application or lease agreement has become part and parcel of renting or buying a property in Australia. As you can imagine, these pieces of data are often in a digital format or scanned copies of the physical documents which sit in numerous systems between estate agents and third parties.

The content of the data is sensitive and valuable for financial crimes, identity theft and email fraud. Large amounts of money is regularly sent, received and kept in trust accounts. The problem is exacerbated by a lack of employee training and education towards cyber crime as well as multiple devices being used and passwords shared between employees.


Personal data, unlike credit card information, is not easily reset. Birth date, names and addresses are nearly impossible to change after a breach. Technology is rapidly introduced to assist with efficiency but is often poorly understood. Typically, rental records are stored for many years and in large volumes due to industry regulations.

Too many people, including employees and third parties, have system access to tenant records.

Deloitte has written in detail about a few large vulnerabilities facing commercial real estate organisations.

“Consider the November 2013 data breach at Target Corporation. In this instance, the hackers were able to find a route through the company’s HVAC contractor’s systems to steal payment card records and other personal information of nearly 110 million customers. Along with reputational damage, the company reported a gross financial loss of $252 million.”

The incident highlights that the IT systems of real estate owners can act as an entry point for hackers to access tenant data, and that they are becoming an increasingly integral part of a tenant’s supply chain. Interestingly, cyber intrusions through real estate companies can create additional vulnerabilities beyond information theft, such as impact on productivity, life safety and protection.

Cool it

Billy Rios, a security researcher at security firm Cylance Inc., shared his perspectives in a recent interview. He said: “Major financial institutions have told us that if you can vary the temperature by five or six degrees, their computers won’t be able to process transactions at the normal rate,” because heat tends to degrade computer performance.

EY’s recent report, Managing Real Estate Cyber Security, mentioned further unforeseen commercial risks.

Building management systems, which handle everything from air conditioning to door locks, traditionally worked on serial networks and were segregated from conventional IT networks. As these systems have become internet-enabled, they are now open to all possible threats that afflict conventional IT systems. The potential for harm is significant.

In real estate, the most immediate impact is likely to be felt by the tenant of the building rather than the owner, with loss of sales from collateral impact and loss of clientele. The longer-term impact is then felt by the real estate company as it is forced to compensate its tenants for loss of trading revenues and brand reparation when the true cause of the incident is discovered.

According to Deloitte, some real estate industry professionals have underestimated their cyber exposure in comparison to retail, travel, hospitality and financial services industries, insisting that their organisations aren’t prime targets. With a strong economy and very high rates of technology adoption among businesses, Australia is a prime target for cyber-crime attacks, and the real estate industry is very much a strong target.

Online trade, increased reliance on digital solutions and a lack of security culture are a few of the many variables broadening the attack surface for criminals in the real estate industry.

Difficulties ahead for real estate and cyber security
blakedeakin 250x250 oct2017
lawyersweekly logo



Blake Deakin

Blake Deakin

Blake Deakin is the director at Cyber Insurance Australia.
Cyber Insurance Australia works with clients to mitigate their cyber risk exposure.

May 09, 2022

REB Top 50 Women in Real Estate 2022

REB is thrilled to present the Top 50 Women in Real Estate 2022 ranking, which sets t ... LEARN MORE

May 04, 2022

REB Top 100 Agents 2022

Now in its second decade, the REB Top 100 Agents 2022 rankings are the most revered s ... LEARN MORE

May 02, 2022

REB Top 50 Agents NSW 2022

Even a pandemic has not put the brakes on the unstoppable property market in NSW, whi ... LEARN MORE

April 27, 2022

REB Top 50 Agents VIC 2022

The COVID-19 crisis has not deterred the property market in Victoria, which has been ... LEARN MORE

April 25, 2022

REB Top 50 Agents QLD 2022

As the property market continues to roar in Brisbane and Queensland, the REB Top 50 A ... LEARN MORE

Coming up

rankings rankings
Do you have an industry update?

top suburbs

12 month growth
Bawley Point
Walla Walla
Byron Bay
Kiama Heights
South Hobart
Lennox Head
Subscribe to Newsletter

Ensure you never miss an issue of the Real Estate Business Bulletin.
Enter your email to receive the latest real estate advice and tools to help you sell.