Cyber threats have grown in scale and scope. Hackers today do not limit their targets to just financial institutions and retail businesses; even real estate, building and construction businesses are not spared. Unlike the frequent guidelines and circulars issued by the Monetary Authority of Singapore for the financial services sector, the absence of clear and specific regulations governing other sectors makes it easier for cybercriminals to prey on the uninformed.
The lack of awareness when it comes to cybersecurity breaches and risks often creates a sense of false comfort. It is also easy to overlook internal risks and threats when many key players are preoccupied with capitalising on external opportunities to pursue the next real estate acquisition, development initiative or automation & cost rationalisation agenda.
As a first step, RSM advocates a holistic assessment of your cybersecurity risk using the roadmap shown below:
Cyber-crime is already prevalent in Singapore
Singapore’s high degree of connectivity between the public, private sector and government agencies exposes its computer systems and networks to increased likelihood of threats.
- According to the inaugural Singapore Cyber Landscape report released by the Cyber Security Agency on 14 September 2017, cyber-crimes in Singapore nearly doubled proportionally between 2014 and 2016, rising from 7.9 per cent to 13.7 per cent of all crimes
- Ransomware attacks on public display electronic screens in heartland shopping malls also reveal that targets were selected indiscriminately. Hackers can create disruption simply to prove a point
- Government agencies were also not spared, with numerous reports on sensitive information being leaked as a result of security breaches
Many of these incidents could have been prevented if technology risks were better understood and security protocols were followed diligently. Often, the unintentional triggering of botnets, spywares and ransomwares within computer networks accelerates the rate of infection.
Cybersecurity implications for real estate and construction companies
Security breaches may result in damage to a business’ reputation and loss/theft of data and proprietary project information such as:
- Project feasibility studies
- Tender and bid computations/budgets
- Confidential preliminary design drawings and project plans (especially where key installations of national importance are concerned)
- Stakeholder or partner information arising from facilities management appointments (i.e. tenancy and occupancy details)
- Financial performance and corporate information of main, subcontractors or even joint venture partners
- Design specifications drawn up by architects
- Property buyers’ personal data
Insufficient effort made to safeguard commercial and personal information not only facilitates breaches and attract hefty legal penalties, but also results in loss of stakeholder confidence.
Immediate internal and external steps to deal with cyber threats
Having a cybersecurity policy that outlines the safeguards expected is a good starting point. Additionally, a well-orchestrated blend of internal and external risk management measures should be adopted. Below is a graphical representation of the “Internal/External Matrix of Cybersecurity Matrix” which explains who takes the leads in these practices and to what extent these activities should be performed.
Proper cyber security safeguards will soon be legally required
The Singapore government has stepped up the ante by developing the Cybersecurity Bill. This is expected to be launched in 2018 by the Cyber Security Agency. The new bill underscores the importance of information confidentiality and establishes a framework that expedites detection of cyber threats and incidents. It also provides sufficient clarity on the powers of the government to take action against those who are unable to comply.
Turning risks into advantages
Despite the challenges, real estate and construction businesses should not shun the adoption of new technology. Being innovative and thinking about how to transform such risks into business opportunities can arm businesses with newfound competitive advantages and uncover ways to enhance productivity.
For instance, smart homes make it convenient for owners to remotely monitor and control home appliances, surveillance devices and locks. The added convenience comes at the cost of increased risk due to the introduction of web-enabled devices. Instead of watching from the sidelines, traditional builders have begun to collaborate with cybersecurity advisors to build safe and reliable smart homes to meet the growing demand.
Similarly, local engineering companies are turning to computerised design, worksite automation and prefabrication plants to improve resource efficiency and raise productivity. Despite the risks, more companies have chosen to address these challenges head on instead of avoiding technology entirely.
A glimpse into the future
We believe that Data Science will play a greater role in improving efficiency and introducing greater cost savings. However powerful the analytical results achieved, these can only be as good as the source and quality of data collected. Real Estate Companies must think beyond the first step, and do more than just protect data. The future really lies in your ability to implement platforms and systems to accumulate and capture useful data to form meaningful insights. This will ultimately influence your decisions on what to bid, how to bid, and who to attract.
This article was written by Joshua Wee, Chew Swee Kee, Jasmine Chen and Dennis Lee of our Risk Advisory division.
WE SPECIALISE IN SERVING REAL ESTATE & CONSTRUCTION BUSINESSES
Each industry is unique and the hallmark of a great business partner is the ability to understand and identify the needs and goals of each business in its own context. Our vertical industry units are designed to help companies grow through tailored services with insightful, practical and effective advice.
Learn more about our Real Estate & Construction industry unit!