Real estate and construction face unique cybersecurity challenges

Cybersecurity MMBI industry snapshot

April 15, 2025

Key cybersecurity considerations amid emerging industry vulnerabilities

As cyberthreats continue to evolve, the real estate and construction industry faces unique challenges compared to other high-profile industries. Despite data in the Q1 2025 RSM US Middle Market Business Index survey showing that reported data breaches across the middle market were down 10 percentage points in 2024 compared to the previous year, real estate and construction companies remain particularly vulnerable to cybercrime simply due to how the industry operates. 

Why the industry is a prime target for cybercrime

A major concern is the intricate network of players in this vast ecosystem—including construction clients, contractors, subcontractors, construction workers, service providers and others—which makes the industry a prime target for cybercrime. The high volume of field-to-office communication and payment transactions creates a playground for criminals to unleash social engineering, phishing attacks and other scams to exploit people and steal information and money.

“Unlike industries with centralized IT operations, real estate and construction companies face unique cybersecurity challenges. Global operations, mobile workforce, active sites and disconnected systems create exposure of a broader attack surface,” says Matt Riccio, a senior analyst for the real estate industry at RSM US LLP.

Workers in the field often connect to open networks—i.e., unsecured public networks—to access and share company and client data. And many of these workers are unaware they are putting sensitive information at risk. While education should be the first line of defense, employee awareness training for effective cybersecurity governance is limited across the industry.

Many real estate and construction companies are challenged by inadequate resources for training, technical support and internal controls, which has led to a greater reliance on third-party providers for cybersecurity protection. “Given the evolving complexity to maintain security, managed information technology is becoming a crucial component of risk mitigation strategies,” says Riccio.

How technology and compliance are reshaping the cybersecurity landscape

An ever-expanding number of devices connected to the internet, also known as the Internet of Things (IoT), are needed to support real estate and construction operations. This makes it challenging to secure systems and to understand what data is being sent. Industry leaders must pay closer attention to securing connected devices and mitigating risks associated with social engineering and wire fraud, as ransomware, fraudulent wire transfers and data theft are commonplace among real estate and construction firms.

“Historically, cybersecurity efforts in the real estate and construction industry focused on traditional IT infrastructure, but the rapid expansion of IoT devices in such systems as building management, asset tracking, field service and site monitoring instruments has introduced new vulnerabilities,” says Sharat Kumar, an RSM US principal in managed IT services. “Companies will need to keep up with the evolving tool sets and processes to secure these systems and protect sensitive data.”

Adding to the complexity of real estate and construction cybersecurity, companies doing business in multiple states must adhere to data privacy and protection laws at the state and national level. For companies working with the U.S. Department of Defense, compliance with the Cybersecurity Maturity Model Certification (CMMC) 2.0 program is now a requirement for government contracts. Meanwhile, real estate and construction industry investors increasingly want to see controls in place to protect their financial information.

The takeaway

Finding protection against these cyberthreats is increasingly challenging as attacker tools and strategies grow more sophisticated by the day. Emerging cybersecurity technologies enhanced by cloud computing, artificial intelligence and machine learning are continually advancing to help organizations stay one step ahead of cybercriminals.

Real estate and construction firms should consider leveraging these technologies and other tools to build robust cybersecurity programs designed to safeguard sensitive data and protect the company’s financial interests. For many firms, it may be beneficial to consult a cybersecurity advisor when navigating strategies to identify the right solutions.
