Our corporate site Contact us

Article

Balancing innovation with cybersecurity: Mitigating cyber risk in the REIT landscape

As real estate investment trusts (REITs) rapidly embrace digital transformation, they can unlock valuable efficiencies and new business opportunities.

As real estate investment trusts (REITs) rapidly embrace digital transformation to improve tenant engagement, streamline financial operations, and optimize property management, they can unlock valuable efficiencies and new business opportunities. Advanced technologies, particularly artificial intelligence (AI), can streamline processes and provide real-time insights that empower REITs to make more informed decisions.

However, this technological evolution also exposes REITs to an increasingly complex cyber risk landscape. Sophisticated cyberattacks targeting AI systems or manipulating data inputs can amplify the impact of security breaches, posing threats to REITs’ operational integrity and financial stability.

Reflecting this growing concern, IBM’s Cost of a Data Breach Report 2025 highlights that the global average cost of a data breach is $4.44 million, with 97% of organizations experiencing AI-related security incidents and lacking adequate AI access controls. In this dynamic environment, REITs should carefully balance the pursuit of innovation with robust cybersecurity strategies to protect their assets, operations, and reputation.

The AI opportunity

According to Morgan Stanley Research, which analyzed tasks performed by 162 REIT and commercial real estate firms, AI innovations could lead to $34 billion in efficiency gains for the real estate industry by 2030.

The digital transformation of REITs and emerging cyber risks

REITs have traditionally been considered stable, income-generating vehicles, benefiting from diversified real estate portfolios and steady revenue streams. However, the digital transformation sweeping the real estate sector has introduced new vulnerabilities.

Property management systems, tenant portals, leasing platforms, and financial reporting tools are increasingly interconnected and reliant on cloud-based technologies. While these innovations can enhance operational efficiency and tenant experience, they can also create multiple attack surfaces for cybercriminals.

Common cyber threats facing REITs include:

Ransomware attacks: Cyberattacks where malicious software encrypts REITs’ critical data or systems, rendering them inaccessible until a ransom is paid to the attackers. This can halt property management operations, disrupt tenant services, and cause significant financial and reputational harm.
Phishing schemes targeting employees: These involve deceptive emails or messages sent to REIT employees that appear legitimate but are designed to trick them into revealing sensitive information like login credentials or downloading malware. Such schemes can provide cybercriminals with access to internal systems.
Data breaches exposing sensitive information: This occurs when unauthorized parties gain access to confidential data held by REITs, such as tenant personal details or financial records, potentially leading to identity theft, regulatory fines, and loss of tenant trust.
Distributed denial of service (DDoS) attacks that disrupt online services: These attacks flood REITs’ online platforms with excessive traffic, overwhelming servers and causing websites or portals to become slow or completely unavailable, which disrupts tenant access and business continuity.

Why cybersecurity is a boardroom priority

The consequences of cyber incidents may extend beyond IT departments. A successful breach can halt operations, erode investor confidence, and trigger costly regulatory investigations, especially as data privacy laws tighten globally.

For REITs, cybersecurity is a strategic business risk that demands attention at the highest levels of governance. Investors, tenants, and regulators increasingly expect transparency and accountability regarding cyber risk management, while non-compliance can result in severe fines and reputational harm. If an organization fails to demonstrate robust cybersecurity practices, underwriters may perceive it as a higher risk, which can lead to potentially higher premiums, reduced limits, and more stringent policy terms.

Five actionable strategies for mitigating cyber risks

To safeguard your organization’s assets and operations, it is important to adopt a proactive, multi-layered approach to cybersecurity. Below are key strategies that can help you build resilience against cyber threats:

1. Implement cyber-specific risk management

Cyber risk management should be integrated into your overall enterprise risk management framework. This includes conducting regular cyber risk assessments tailored to your unique operational and technological environment. Mapping critical assets, understanding threat vectors, and quantifying potential impacts can allow for more informed decision-making and resource allocation.

2. Train employees effectively

Human error remains a significant cause of cyber incidents. Regular, mandatory cybersecurity training for all employees — from executives to frontline staff — is essential.

Training should cover recognizing phishing attempts, safe handling of sensitive data, password hygiene, and incident reporting protocols. Cultivating a security-conscious culture can reduce the likelihood of breaches caused by negligence or social engineering.

3. Develop and test incident response plans

Despite best efforts, no organization is immune to cyber incidents. REITs should develop detailed incident response plans that outline roles, communication protocols, and recovery procedures in the event of an incident. Conducting tabletop exercises and simulations can help prepare staff for their roles and responsibilities and minimize downtime in the event of an attack.

4. Secure tenant and vendor ecosystems

REITs often rely on third-party vendors for property management, maintenance, and IT services. It is critical to assess the cybersecurity posture of these collaborators and include security requirements in contracts. Additionally, tenant-facing platforms should be designed with security in mind, protecting personal and payment information through encryption and secure authentication methods.

5. Stay ahead of regulatory compliance

Remaining attentive to changing data privacy and cybersecurity regulations is vital. Your organization may consider engaging legal and compliance experts to ensure policies and practices meet current requirements. Transparent reporting and documentation can also enhance stakeholder trust.

Fostering a culture of innovation and resilience

Beyond technical controls, REITs should foster a culture that embraces innovation while prioritizing resilience. Cybersecurity is not a one-time project but an ongoing journey requiring continuous improvement and adaptation. Encouraging collaboration across departments — IT, legal, operations, and finance — can strengthen your organization’s ability to anticipate and respond to emerging threats.

Industry collaboration is equally important. Sharing threat intelligence and best practices with peers, industry groups, and government agencies can enhance collective defense. Transparency about cyber risk management efforts builds confidence among investors and tenants alike.

Positioning REITs for growth in a digital era

Technology and cybersecurity risks represent a critical challenge for REITs in the digital age. However, thoughtful, proactive risk management strategies can help your organization mitigate and manage these risks. By embedding cyber risk into enterprise risk management, training employees, securing tenant and vendor ecosystems, and maintaining regulatory compliance, you can better protect your assets and operations.

Ultimately, REITs that prioritize cybersecurity and foster a culture of resilience may be better positioned to capitalize on the opportunities of a rapidly evolving real estate landscape. In doing so, they may not only better safeguard their current operations but they can also build trust and confidence with investors, tenants, and regulators — key ingredients for sustainable growth and long-term success.

Event

Balancing innovation with cybersecurity: Mitigating cyber risk in the REIT landscape

The AI opportunity

The digital transformation of REITs and emerging cyber risks

Why cybersecurity is a boardroom priority

Five actionable strategies for mitigating cyber risks

Fostering a culture of innovation and resilience

Positioning REITs for growth in a digital era

Our people

Duncan Ellis

Related insights

2026 Global Real Estate & Hospitality Conference

Five ways to mitigate the impacts of geopolitical and regulatory risk for REITs

Responding to shifting industry dynamics in the REIT sector

Mitigating economic and financial risks: Four key focus areas for REITs

Marsh.com Sign in

Balancing innovation with cybersecurity: Mitigating cyber risk in the REIT landscape

The AI opportunity

The digital transformation of REITs and emerging cyber risks

Why cybersecurity is a boardroom priority

Five actionable strategies for mitigating cyber risks

Fostering a culture of innovation and resilience

Positioning REITs for growth in a digital era

Our people

Duncan Ellis

Related insights

2026 Global Real Estate & Hospitality Conference

Five ways to mitigate the impacts of geopolitical and regulatory risk for REITs

Responding to shifting industry dynamics in the REIT sector

Mitigating economic and financial risks: Four key focus areas for REITs