Addressing cyber risks with operational technology in real estate

Updated: September 04, 2025

While connectivity drives value, it also introduces risk—especially as cyber threats now target both financial systems and physical building controls, putting tenant safety and trust at stake for real estate owners and operators.

In real estate, design and automation used to be the pinnacle of digital progress. Now, the real game-changer is the rise of smart, connected buildings that adapt to the people and businesses inside them. In today’s commercial properties, once-isolated elements like elevators, HVAC systems, lighting, key card access, and security cameras are interconnected and often centrally managed. This digital transformation, driven by the Industrial Internet of Things (IIoT), is delivering impressive efficiency, automation, and data-driven insight.

However, the same connectivity that creates value also creates risk. In an era where cybercriminals target not only financial systems but also physical building controls, real estate owners, operators, and developers face an emerging set of threats that can directly disrupt tenant comfort, safety, and trust.

The pros and cons of operational technology in real estate

Operational technology (OT) refers to the systems that monitor and control physical processes in a building: everything from climate control to access gates. When these OT systems become digitized and connected through more centralized networks, they can be monitored and managed remotely, dramatically improving operational efficiency.

However, the convergence of these systems into central control platforms is a double-edged sword. On the upside, it creates unified dashboards for building managers, promotes cost savings, optimizes energy usage, and improves the overall tenant experience. The downside is that it creates a single point of failure that, if compromised, can be used to disrupt or control multiple buildings at once.

What’s at stake for real estate leaders and why it matters now

Every connected device is a potential entry point for a cyber attacker. In real estate, the risks are not just digital but also physical and reputational. Some of the major risks that real estate businesses should be aware of include:

  • Tenant privacy breach – Hacked security cameras or access logs can expose sensitive tenant activity. 
  • Unauthorized access – Default passwords or weak credentials can enable criminals to control elevators, HVAC, or door locks. 
  • Operational disruption – Cyberattacks that disable building management systems can result in non-compliance with safety codes or tenant displacement. 
  • Data theft – Personal and business information can be accessed from building systems. 
  • Insecure communications – Unencrypted data streams can be intercepted and altered.

Real-world consequences can include halted construction, darkened lobbies, locked elevators, regulatory penalties, lost tenants, reputational harm, and multi-million-dollar recovery costs. These outcomes can significantly affect competitive edge and long-term success.

Buildings are becoming brands. Tenants, investors, and partners expect to see not only efficiency and innovation, but also resilience. In the same way that a building is insured against fire or flood, it now needs to be safeguarded against cyber disruption. Jameson Bouffard, National Leader for Real Estate and Construction at BDO, notes:

“It’s no longer possible to compete in the market without embracing technology, and so the focus must be on risk management.”

Five business-level actions to minimize OT cyber risk

Forward-thinking developers and operators can take practical, business-aligned steps now to manage cyber threats and the associated significant risks.

  • Change default passwords, enforce unique credentials, and implement multi-factor authentication for all critical systems.
  • Ensure all connected devices receive regular firmware and security patches and automate where possible.
  • Keep building control systems separate from corporate IT networks and the public internet to contain breaches.
  • Maintain a current inventory of every IIoT device across all properties, tracking status, version, and maintenance history.
  • Protect data in motion and in storage with modern encryption protocols to prevent interception or tampering.

Bottom line: The future belongs to the organizations that develop and operate secure smart buildings.

How BDO can help

BDO's perpetual defence security framework provides end-to-end, adaptive protection for real estate organizations, covering: 

  • Cyber risk assessment & road mapping
  • Cloud & application security
  • Managed detection, response & vulnerability management
  • Offensive security, penetration testing & adversary simulation

We also guide clients through the complex world of cyber liability insurance, helping align coverage with real-world exposures—from business interruption to crisis management.