The BOMA Canada 2018 Cyber Wellness Guide, now available to members.

Commercial real estate is not immune to the growing global threat of cyber security breaches, so BOMA Canada has created its first Cyber Wellness Guide for members.

“There is a growing recognition that, while cyber is generally taking greater prominence on our industry’s agenda, we needed more focus on how cyber threats can pose risks specifically to building operations,” said BOMA Canada president and chief executive officer Benjamin Shinewald. “This guide focuses specifically on that subject.”

Internet-connected or smart systems are assisting operations and increasing efficiency in a wide variety of areas, ranging from making elevator systems more efficient to monitoring and optimizing heating, ventilation and air conditioning performance. These benefits, however, can also come with risks if unscrupulous people hack into them or introduce malware to cause damage or attempt to extort a ransom.

Twenty-eight industry leaders worked with Shinewald and BOMA Canada marketing and communications consultant Michael Parker for about a year. They developed the guide as a direct response to the increasing frequency of cyber breaches occurring globally within the commercial real estate sector.

“Just over a year ago, I was approached by Cheryl Gray at QuadReal, who told me that she sensed that the industry could use some help in the area of cyber security and building operations,” said Shinewald. “She thought that BOMA would be a natural leader for a project in the area.

“We therefore convened a large group of industry leaders — crossing real estate services, security, IT and more, and representing about 20 leading companies — to come together and discuss the issue. We were assisted deeply in that regard by MNP LLP on the issue in general, and also by Marsh on the cyber insurance side.”

Shinewald said companies generally don’t publicize cyber security breaches, but it’s acknowledged they are taking place.

Cyber security threats and risks

Threats to building operations need be taken seriously due to the potential for extensive data loss, human safety concerns, competitiveness issues and loss of reputation. The guide’s purpose is to create more awareness of these risks, help prepare at the building level before an incident occurs, and demonstrate how to respond if and when an incident occurs.

“The bigger BOMA members are definitely waking up to the risks,” said Shinewald. “They are learning and investing in the area.

“One of the nicest aspects of this exercise was that there was a real ethos that those bigger players could bring their collective wisdom together and assist the smaller ones who lacked the resources to address the issues head-on.”

The costs of implementing a comprehensive cyber security system for a commercial building varies and depends on the building’s systems, size, available budget and other factors.

Artificial intelligence is emerging as a way to detect cyber threats because it isn’t restricted by staffing limitations; nor is it as susceptible to human error.

Artificial intelligence cyber threat detection can be based on the unique requirements of each individual building or organization. These systems can run in the background, continuously detecting and understanding patterns, and can evolve as they gather more information.

Cyber insurance a growth industry

Cyber insurance should ideally be tailored to the unique cyber risk profile of an individual organization shaped by; the firm’s use of technology in its operations, interactions with vendors, suppliers, customers and other third parties, and how it collects, handles, stores and transmits confidential information.

Generally, however, most cyber policies include a range of basic coverages. It can be customized to include such things as physical damage or bodily injury resulting from a cyber event which impacts operational systems. Policyholders can also often access related services, including technical advice and risk mitigation counsel, vulnerability detection tools, cyber education, and incident response planning.

“Cyber insurance is becoming more and more common for businesses of all kinds, including in the real estate industry,” said Shinewald. “Like cyber security itself, cyber insurance is a growth industry.”

Cyber Wellness Guide and Resilience Brief

A French-language version of the Cyber Wellness Guide is available in addition to the English edition.

BOMA China will also translate the guide, with BOMA Canada’s permission, into Chinese languages. Calgary-headquartered chartered accountancy and business advisory firm MNP LLP is scheduled to make cyber security presentations at events in Beijing and Shanghai next year.

BOMA Canada has also just released its 2019 Resilience Brief, a tool to assist building owners and managers consider resilience and the potential risks and opportunities created by extreme weather events. It was developed by 28 Canadian industry leaders and includes an overview of the issues and simple strategies commercial real estate professionals can take to protect assets.

BOMA expects to annually update both the Cyber Wellness Guide and Resilience Brief.

BOMA Canada represents the Canadian commercial real estate industry on matters of national concern and oversees North America’s largest environmental assessment and certification program for existing buildings, BOMA BEST.