Tech and Cybersecurity Threats for REITs in 2017

The 2017 BDO RiskFactor Report examines the most recent 10-K filings of the largest U.S. REITs.

By Mary Salmonsen

Cybersecurity has long been a top and rising concern for REITs, especially in the wake of recent wide-reaching ransomware attacks, including the WannaCry cryptoworm, which in May infected over 3,300 computer systems in North America alone. More recently, last month's Petya attack compromised at least one construction firm.

REITs’ reliance on information systems and technology for operations and data storage has grown over the decade, and many of the firms’ top priorities now involve upkeep of these systems, according to the 2017 BDO RiskFactor Report for REITs. Almost three in four REITs (72%), in fact, report operational risks associated with their technology and systems, which is consistent with previous years’ reports.

More REITs than ever—92%—cite increased cybersecurity risks in their Form 10-K filings, up from 63% in 2014 and just 25% in 2012. According to BDO, the greatest cyber threats to REITs include phishing scams, ransomware, distributed denial of service (DDoS) attacks, and permanent denial of service (PDoS) attacks. Internet-connected equipment, cloud-connected software, and vulnerabilities among REITs’ tenants or third-party vendors may also pose a cybersecurity risk.

Fully 100% of REITs that focus their investments on retail and health-care properties identify data breaches as a cybersecurity risk, compared with 96% for office trusts, 93% for hospitality trusts, and 92% for multifamily trusts. BDO emphasizes the far-reaching impact a cyberattack could have on a health-care REIT, which could give hackers access to patient health records and payment information as well as connected medical devices.

As for retail, point-of-sale systems are a common target for hackers looking to steal credit card information. According to Verizon’s 2017 Data Breach Investigations Report, the accommodations industry (restaurants and hotels) experienced 201 data breaches in 2016.

“The biggest cybersecurity mistake companies can make is underestimating the likelihood of an attack. In the end, what will separate REITs from their competitors is how well they’re prepared to handle a breach when the inevitable incident hits,” says John Riggi, Head of BDO’s Cybersecurity and Financial Crimes Practice, in a statement. “Developing a cyber-risk management strategy now will pay dividends when companies are faced with live threats in the future.”

Keywords:

Subject:: REITs; Technology; Computers; Accounting; Multifamily; Cybersecurity; Cybercrime; Tech Trends; real estate investment trust

Organization:: BDO

More from MFE

MFE - Intel How Multifamily Operators Are Taking Control of Their Digital Destiny

After years of struggling with fragmented tech and patchwork solutions, industry leaders like Bozzuto and Related are building resident-first ecosystems.

Brought to you by Venn