Professional Documents
Culture Documents
101
100
000 001
010 0
010 100 1001
011 1 1 101
110 011 011 111
111 110 1 0 1 011
101 110 100
100 000 001
001 101
010 0
011 0
01
drooms.com
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
1
Source: Cyber Incident & Breach Trends Report, 2019 drooms.com 2
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
The real estate industry is far from exempt from cyber attacks.
In fact, the frequent, high-value transactions between multiple
parties and which are taking place digitally mean that it can be
particularly attractive to hackers.
2
Source: Survey conducted by PollRight between 20 May and 5 August 2019 among 51 real estate industry professionals in Europe drooms.com 3
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
40
0
1 11 0 11
0 1
00 110 %
An overwhelming majority also expect the situation to get worse.
0 1 01
Over nine in 10 (92%) expect the number of cyber attacks on
0 11 0 0 0
businesses in Europe to increase over the next five years, including 0
0 00 1 10
1 1
57% who expect the increase to be ‘significant’. None of the
0 1 01
1 10 010
1 01
11 000
respondents believed it would decrease.
Concerned
0
0 11 0
1 1 about cyber attacks
But what consequences do real estate professionals fear most
0
0 110
86 %
about cyber attacks? The most significant negative impact appears
to be reputational damage, which was cited by 90% of respondents. 11
This was significantly ahead of any other negative outcome. The
second most concerning outcome was fines from regulators, which
was mentioned by 57% of respondents. Other negative outcomes Not very
cited include: loss of revenue (43%); loss of customers (41%); concerned
compensation to customers (33%); and provision of resources about cyber attacks
Not concerned
14 %
to combat cyber attacks (33%).
about cyber attacks
0% drooms.com 4
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
01
0
111 0111 10111 01111
??
real estate companies?
011
1
00
0
001 0100 01001
001
1
10
1
000 0000
1
Real estate professionals largely appreciate the importance of protecting against
101
1
101
1
cyber attacks. Nine out of 10 (90%) say it is important to ensure proper strategies
??
are in place to manage cyber attacks, including 53% who say it is extremely
important.
However, real estate professionals are also pessimistic about the degree of
preparation by companies in their industry to deal with the threat of cyber attacks.
Only one in 25 (4%) would say the industry is ‘extremely well prepared’, while just
over half (55%) said the industry was moderately prepared. Just over one in 10
(12%) see the industry as extremely unprepared and 29% say it is moderately so.
In terms of weak points, more than half of real estate professionals (51%)
believe companies in their industry are most vulnerable to the threat of cyber
attacks in terms of controlling external parties’ access to information.
The second area identified was protecting information flows between devices
(24%), followed by protecting against ransomware (12%); controlling employees’
access to information (10%); and protecting interfaces between software
applications provided by third parties (4%).
drooms.com 5
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
101100001010011011110110
000101001101110110000101
001101111011000010100110
111101100001010011011101
101100001010011011110110
000101001101110110000101
001101111011000010100110
111101100001010011011101
101100001010011011110110
000101001101110110000101
001101111011000010100110
111101100001010011011101
Recognised measures
Respondents to our survey do have a good idea of what can be done to counter
cyber attacks. Training staff beyond the IT department to ensure they are
aware of risks and response processes was seen by 92% of respondents as
important, including 63% who saw this as extremely important. Encryption of
101100001010011011110110
000101001101110110000101
001101111011000010100110
111101100001010011011101
all data was recognised by 88%. Other measures cited included: maintaining the
most recent patching by updating software and hardware as needed (88%);
having a full back up system in place with regular and separate data uploads
(88%); putting adequate insurance in place (80%); having the right governance
structure in place, including a core group responsible for monitoring, developing
and implementing cyber security programmes and policies (75%); and
implementing multi-factor authorisation (62%).
Most real estate professionals (55%) say their companies implement cyber
101100001010011011110110
000101001101110110000101
001101111011000010100110
111101100001010011011101
security measures through a combination of internal and external resources.
Significantly fewer (25%) say this is achieved through external third-party
providers and just 16% say it is internally staffed.
101100001010011011110110
000101001101110110000101
001101111011000010100110
111101100001010011011101
100001010011011110110
101001101110110000101
101111011000010100110
101100001010011011101
drooms.com 6
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
110
01
10
101
01
001
110
110
001
101
0110
Countering the threat
101 1
011
100
1
011
0
101
10000
1010
01111
011
101
011
000
01001
010
10000
011
11101
010
110
1
001
1
1
001
1
0
0
001
0
0
111
1
0
100
1
100
1
0
00010
101
1
110
101
1
0
101
11
101
As mentioned above, the costs of a cyber attack can be devastating for
10
000
11110
001
00110
111
00010
10110
companies. However, real estate firms can counter such threats with the
right crisis management and preparation.
The first line of defence that should be put in place should be an early
warning system: Identifying a cyber attack is often much harder than it
might seem. Ponemon’s 2017 Cost of a Data Breach study found for
example that companies take up to 200 days on average to register an
!
!
attack has taken place. As such, adequate monitoring is essential to
highlight breaches as soon as possible. This monitoring system must
pinpoint when attacks have taken place, what kind of attacks they are
and the impacts they could have.
drooms.com 7
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
An effective recovery
strategy is essential
Transparency is an increasingly important facet of the business world.
Stakeholders are very unforgiving of product and service providers who
breach their trust by failing to make them aware of important developments
at the earliest opportunity.
Companies must have a proper response plan ready. This must include a
PR/marketing strategy to mitigate the negative publicity as well informing
key stakeholders, including customers, regulators, business partners,
employees and investors, on the type of attack involved, potential impacts,
responses in place and possible compensation. Another key element of this
is to outline what security measures will be put in place going forwards.
These should draw on lessons learnt and involve investing in security
solutions and expert advice. Encryption technology, the use of highly secure
cloud-based solutions and advanced firewall and malware software
should also be seriously considered.
drooms.com 8
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
If the response to a threat has been wanting in any areas, then current practices must be
seriously reviewed and overhauled if necessary.
Strategy
Governance Training
management
A core group should be made Response plans must be Team members beyond just the
responsible for monitoring, updated regularly to ensure IT department must be kept
developing and implementing they are fit for purpose. informed of the risks faced by
cybersecurity programs the company and its cyber
and policies. security policies.
drooms.com 9
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
Multi-factor authentication
drooms.com 10
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
New features
Drooms continues to upgrade its products to keep them state of the art and ensure
they give clients the security they need.
In March this year, Drooms PORTFOLIO was launched. This VDR incorporates
features developed from more than a decade’s experience in providing services to
asset managers, such as UBS’s Real Estate Investment Management Business.
It represents a step-change boost to the administrative efficiency of real estate
asset managers, facilitating intelligent and secure portfolio management of multiple
assets throughout their hold phase, allocating bespoke data rooms to individual
assets while storing them on a single platform.
The fact is that many real estate firms will run several data hubs within their
organisations, making it difficult for them to know where data is held and who
might be processing it. This means they are all the more susceptible to a cyber
attack. In contrast, a VDR can store all data centrally on a highly encrypted
platform. What is important from a security perspective is that Drooms’ auto
allocation functionality only allows users with the required permissions to
upload folders and documents via a drag-and-drop function, automatically
allocating them to the respective index points.
drooms.com 11
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
For real estate asset managers, though, a key feature of Drooms’ proposition is
its lifecycle asset management facility provided through its portfolio offering.
This enables assets to be managed throughout their ‘life cycle’ of buy, hold
and sell.
drooms.com 12
DROOMS REPORT EUROPE’S REAL ESTATE CYBER WAR
Preventing such attacks by having the right protection in place will always
be less costly than recovering from a breach.
This requires companies to secure and manage data in the right way.
While real estate companies need to fully consider all their options,
cloud-based data storage and VDRs offer a robust solution for many
of them.
Drooms’ VDR products provide the security protocols to meet all the
best practice principles outlined above. They tick all the boxes in terms
of being fully GDPR-compliant and having encryption, multi-factor
authentication and back-up solutions in place.
Learn more about These are all the boxes that real estate companies must ensure they
have covered, for in today’s world, protecting against cyber attacks is
Drooms PORTFOLIO not a luxury, it is essential for their survival.
drooms.com 13