The world is becoming increasingly digital and as it does, the real estate sector and its professionals need to keep up with the latest technological trends. While technology brings huge benefits to the sector, it also brings new risks.
Digital risks in businesses are often considered and addressed, but those associated with buildings are frequently overlooked, which can be problematic for all stakeholders.
In addition, these risks, such as cybersecurity, data privacy and the integration of digital solutions, can have a material impact on building operations, health and safety, income and building value.
While they can be relatively simple and inexpensive to mitigate in advance, digital risks are often difficult and expensive to deal with after an incident occurs.
Rapid growth of technology puts digital risks in spotlight
Nowadays technology is woven into the fabric of buildings and increasing amounts of data are collected and used to inform decision making.
This uptake of technology has many advantages, from improved user experience to efficiency gains, but it also creates multiple risks ranging from outdated software to vulnerable networks.
It also increases the attack surface of buildings, making them vulnerable to cyberattacks at a time when cybercriminals are more sophisticated than ever before.
It is expected that technology will continue to develop, alongside a rapid acceleration in processing power, the number of connected devices and the availability of data.
While this growth is exciting for the future of the real estate sector, it is also likely to contribute to even more, and increasingly complex, risks associated with buildings.
Artificial intelligence (AI) is also playing a large part in this digital evolution, enabling a more sophisticated use of data and technology to be within everyone's grasp.
It is therefore inconceivable to imagine a world where technology will not increasingly influence the operation of buildings.
However, there are other external factors that are likely to put digital risks in buildings firmly on the agenda of property professionals.
- Customer expectations: as the cost of technology reduces and people use more of it in their day-to-day lives, buildings will need to become smarter, more flexible and more connected to satisfy building users' digital requirements.
- Systems thinking: technology enables the management of a building to be more joined up. While this is positive news for performance, connecting systems increases the likelihood of cyberattacks spreading more widely, particularly when delivered by multiple third-party providers.
- Legislation and standards: new legislation and standards have been introduced that need to be considered to understand future digital risks and how to manage them. This includes property-specific standards, such as the International Building Operation Standard (IBOS) and those relating to technology such as ISO/IEC 27001:2022.
- Technology to understand technology: digital systems collect and store increasing amounts of data, but due to the volume and complexity of this data, another layer of technology, such as AI, might be required to analyse it. This will lead to an even better understanding of how a building is operating and the risks that it faces.
- Increased awareness: building users are more aware of the risks of technology in their everyday lives, and there will be a growing expectation that businesses and building owners are also aware of such digital risks and taking them seriously.
Digital risks can have a negative impact on the operation of a building or its users, and there is also the potential for detrimental effects to an organisation's insurance premiums, reputation and business value if something goes wrong.
It is therefore imperative that building stakeholders address digital risks sooner rather than later.
Allocating responsibility for digital risks
While there seems to be a broad acceptance that digital risks exist, there appears to be less consideration of who is responsible for them.
A typical property management agreement would require property managers to manage a building to an appropriate standard, taking into account the principles of good estate management and relevant professional codes of conduct.
Those professional codes already cover at least some digital risks, and these are likely to evolve over time. However, responsibility could also sit with any of the other parties involved in a building, including owners, managers and tenants.
Unfortunately, contracts often do not cover new technology and its interconnectivity, and it is likely that in many buildings, digital risks are not fully considered during contractual negotiations.
Even when such risks are acknowledged, they are often assumed to be the responsibility of someone else or, if all else fails, covered by an insurance policy.
However, this can be a dangerous assumption, particularly with evolving cyber insurance policies and changing best practice.
Guidance for RICS members
RICS regulations are increasingly addressing digital risks and the role of members in managing them, as follows.
- Duty to manage building systems and digital infrastructure: RICS professionals are required to manage not only the physical components of a building but also the digital infrastructure, which includes hardware, software and network systems. This responsibility is part of maintaining the integrity, safety and operational efficiency of the building. This duty is referred to in the IBOS practice information guidance, which states that 'building operation is becoming ever more technology- and data-driven. IBOS is a data-driven framework that provides a standardised understanding of a building's operation; however, it is also important that the digital risks to the building and users are considered, and that the data collected is used in an ethical way'.
- Responsibility for digital risks: the operation of a building and the well-being of its occupants extends to the digital realm, where compromised systems could lead to severe risks. RICS professionals should consider these and ensure that they are appropriately identifying and managing the digital risks. They should also ensure that appropriate insurance cover is in place for themselves and the buildings. For example, the latest edition of RICS' Planned preventative maintenance professional standard, states that '[RICS members] should be sufficiently skilled to inspect and report on all aspects of the property; this should include appropriate knowledge of building technology and pathology'. Meanwhile IBOS states that '[a] professionally managed building should aim to have a documented register of the largest digital risks it faces, and the steps that can be taken to manage them'.
- Data management and privacy: the collection, storage and use of data is increasingly part of building management. RICS professionals are responsible for ensuring data privacy, minimising the risk of breaches and managing data responsibly in line with regulations. This duty is referenced in a number of RICS professional standards, including the latest edition of RICS' Property agency and management principles, which states that 'members and firms must handle personal data sensitively and process it in accordance with data protection legislation and their published privacy notice'.
In summary, existing RICS standards and guidance suggest that digital risks are an important part of building management and RICS professionals have a responsibility to address these risks proactively.
RICS' Digital risks in buildings practice information paper reinforces this point. It also highlights that ignoring such risks may not only undermine building safety and operation but also expose professionals to liabilities and potential breaches of RICS standards.
Providing adequate security measures, clear communication with stakeholders and appropriate insurance coverage are critical steps in fulfilling the above responsibilities.
'Existing RICS standards and guidance suggest that digital risks are an important part of building management'
How can property professionals manage digital risks?
It is important for property professionals to take the following steps to understand and manage the digital risks associated with buildings, and to adopt a proactive and strategic approach to address them.
- Identify, understand and plan for digital risks: property professionals should understand the technology in their building and the associated risks. Create a risk register to identify likely risks and allocate responsibility for each potential issue.
- Implement robust security measures: introduce strong access controls for buildings, maintain regular updates to the relevant technology and deploy real-time monitoring tools to detect and respond to threats promptly.
- Invest in employee training and awareness programs: providing cybersecurity training for all employees fosters a culture of security awareness throughout an organisation. Conducting regular incident response exercises prepares staff to act effectively during a security breach.
- Integrate digital risk management with corporate governance: align digital risk management with wider corporate risk strategies and report to leadership about digital risks and mitigation efforts.
- Manage third-party risks and prepare for incidents: set strict cybersecurity criteria for all third-party service providers and conduct regular assessments of suppliers, limiting their access to critical systems. Consider insurance to mitigate any impacts from digital risks such as cyberthreats and data breaches.
Related competencies include: Data management, Smart cities and intelligent buildings
Discover the new RICS Member App: CPD on the go
RICS has introduced a refreshed CPD approach that prioritises meaningful, high-quality learning that genuinely benefits your work and is tailored to your specialism, career stage, and the real-world challenges you face.
The new app makes logging CPD simpler and more intuitive, so you can focus on the development that matters to your practice.
RICS Building Surveying Conference
7 May | 08:30–17:00 BST | London
Stay ahead of the biggest changes shaping building surveying by joining leading surveyors, legal experts, and regulators for practical guidance on the Building Safety Act, fire safety, facade systems, building defects, retrofit, energy performance certificates, Minimum Energy Efficiency Standards, dilapidations, neighbourly matters, historic buildings and the responsible use of AI.
Attend tailored breakout sessions to gain technical insights that strengthen judgement, reduce professional risk, and support clearer, more defensible decision-making.