Cyber this. Cyber that. I deal in dirt, and I don’t care.
If there’s a commercial building on top of that dirt, you should.
The “internet of things” refers to the ever-expanding connectivity between our digital and physical worlds. In our homes, we have smart climate control, security, refrigerators, televisions, vacuum cleaners (yes, vacuum cleaners) and, well, you get it. We like the comfort and convenience, and the fact that we can control all of it from our phones, which we’re always looking at anyway.
Commercial properties employ the same technology on a bigger scale. Many Class A office buildings have smart lighting and climate control that intuitively adjusts to the time of day, the weather and even tenant preferences. Security and fire alarm controls are increasingly internet-connected and remotely accessible. Some buildings even send reports to landlords or management companies when they need repairs or maintenance. Landlords like these systems for their efficiencies. And tenants increasingly expect them in high-end, high-rent properties. Smart buildings are the trend, and flat-out brilliant buildings are already a reality. The Watson IoT Headquarters in Germany can read your mind. Ok – not yet. But it does continuously learn tenant preferences and improve the building’s adaptability to them. It even knows who is sitting where, and it adjusts the environment to individual preferences.
All of this convenience, comfort and efficiency comes at a cost. When everything is connected, everything is as vulnerable as the weakest link in your, or your vendors’, cyber security infrastructure. Remember the Target hack that cost the company an estimated $300 million in damages? Hackers got into Target’s network through an HVAC vendor that monitored sites remotely. Once they got through the front door, they went into every room that wasn’t locked down until they hit the point of sale systems and gained access to millions of customers’ credit card information.
That was six years ago. Inter-connectivity is even more fulsome now, and the potential magnitude of cyber crime consequences is accordingly more significant. Compromised climate systems could result in physical damage to property, loss of tenants and even personal injury in extreme cases. Compromised security systems leave a building vulnerable to theft or other crime. Compromised electrical systems could result in significant property damage (physical and digital) and, in extreme cases, personal injury. The smarter the building, the more damage a successful cyber attach can inflict.
But we’ve got insurance, right?
If you’re relying on your traditional property and casualty coverage, maybe not. Carriers are revising those policies constantly in an effort to eliminate cyber risks and funnel those risks into the stand alone cyber insurance market. There are still lawsuits based on older policy forms working their way through the courts and having success, but don’t be fooled. That trend is on the decline.
Commercial property owners can use cyber insurance to transfer some of this risk, but even these policies must be tailored to reflect commercial property risk profiles. Both first and third-party coverage will likely need to address physical damage and personal injury, two classes of risk excluded from many cyber policies. You can read more about that here. Ditto for terrorism exclusions. And here. You’ll likely want tight business interruption coverage for loss of tenancy, ransomware coverage to turn the lights back on in a worst case scenario and forensic IT coverage to restore digital order if its even possible. Somehow, this coverage is not yet ubiquitous even as headline grabbing data breaches have become the norm. Real estate is not immune.
Keep dealing in dirt. Just don’t forget about the cloud.