More than 25% of UK businesses were hit by Cybersecurity threats over the past year, according to a new report released by the Royal Institution of Chartered Surveyors (RICS). The survey, which gathered input from over 8,000 facility managers, service providers, and consultancies, revealed that 27% of commercial properties experienced cybersecurity breaches in the last 12 months, a significant increase from 16% the previous year. The findings suggest that without swift and strategic interventions, companies could be “sleepwalking” into even greater digital disruptions.
The report comes amid high-profile incidents, such as the recent cyber-attack on Marks & Spencer. The retailer’s website was disabled for nearly seven weeks in April, leading to a 20% drop in clothing sales and lost ground to competitors like Zara and H&M. Alarmingly, nearly three-quarters of business leaders surveyed believe their companies are likely to face a cyber incident within the next one to two years.
AI and Outdated Systems Worsen the Risk
RICS cautioned that evolving technologies, particularly artificial intelligence, are accelerating the Cybersecurity threats landscape. The report highlights that many commercial buildings, some built as recently as 2013, may still be operating on outdated software such as Windows 7, a system no longer supported by Microsoft. Such vulnerabilities are increasingly attractive to cybercriminals, especially as buildings become more digitized.
Paul Bagust, head of property practice at RICS, emphasized the dual nature of smart technology. “Buildings are no longer just bricks and mortar,” he said. “They have become complex, data-driven digital ecosystems.” While these systems improve operational efficiency and environmental performance, they also introduce new cyber risks that are often overlooked.
Bagust warned that failure to proactively manage digital vulnerabilities could leave businesses dangerously exposed. “It is inconceivable to imagine a world where technology will not continue to pose a growing risk to a building’s operation,” he said.
Digital Infrastructure: The New Frontline for Cyber Defense
The report identifies specific technologies as critical risk zones, including building management systems, CCTV networks, IoT (Internet of Things) devices, and access control systems. These include everything from automated lighting and air conditioning to energy management platforms and surveillance systems, all of which are increasingly interconnected and data-driven.
RICS stressed that organisations must act swiftly to modernize Cybersecurity threats measures across their digital infrastructure. The failure to do so, according to the report, could result in widespread operational disruptions and long-term reputational damage.
As cyber-attacks become more frequent and complex, RICS’s message to UK businesses is clear: prioritize cybersecurity now, or risk facing severe consequences shortly.
