Today’s connected, Internet-of-Things-enabled smart buildings are making lives better on a daily basis: more comfortable to work in, more energy efficient, and even more cost-effective to run as facilities management teams are able to identify and address smaller problems before they become major issues. This is a market valued by Zion Research at $7 billion in 2014, reaching $20 billion by 2020.
The flip side to this comes in the form of complexity: The average smart office block has more computing power, more lines of code, and more complex data networking than ever before (45% of 11 billion IoT devices represented by smart home or smart building applications in 2015 according to Gartner). And they’re flying under the CIO and corporate governance radar because they come embedded in your security, building management, HVAC, access control, and other systems traditionally thought of as stand-alone, single-purpose, controlled-access environments that are able to rely completely on physical access control for their protection.
In 2015, the FacilitiesNet industry group published some disturbing results in a survey showing that, while 84% of systems controlled by the building managers surveyed were connected to the Internet, only 22% of respondents were knowledgeable (15%) or very knowledgeable (7%) about cybersecurity issues relating to building automation systems.
In 2016, IBM’s X-Force Research Group found multiple security risks in smart buildings. The findings were picked up at the time by TechRepublic and other IT industry publishers.
In 2017, is the situation better? Do you know the impact of business automation systems and other “smart building” technologies on your organization’s risk profile? Perhaps not, according to insurance industry research. This article from an insurance specialist points out that a data breach at US retailer Target was linked to its air conditioning system contractor, and that a recent UK survey found that as many as four in 10 smart buildings do not take any specific steps to counter cyber threats.
The potential liability surrounding building systems–those that interact with the physical dimension–is another factor starting to raise concerns. If a compromised building management system results in physical injury, then there is a very real potential for losses to building owners. It is very likely that insurance markets will be moving further to clarify, or even exclude, cover in this area.
For now, there is a window of opportunity to bring smart buildings in from the cold, and to begin treating them with the same level of diligence as is applied to other information systems in the organization.