New York City, N.Y./Princeton, N.J. – Cyber fraud in commercial real estate not only exists but is thriving despite continuous efforts to minimize such risks, according to the professionals in WithumSmith+Brown (Withum) PC’s Cyber and Information Security advisory group. Cybersecurity and ransomware attacks have become more amplified industry-wide, rendering commercial real estate one the fastest-growing targets for cyber attacks.

“Commercial real estate has an over-abundance of the two things cybercriminals are after – information and money,” explained Joe Riccie, partner, market leader of the Cyber and Information Security Services Group who recently served as a panelist at a real estate industry conference for chief financial officers. “In commercial real estate transactions, there is a lot at stake, which is why this industry and all those involved in it have become even more vulnerable to cybercrimes.”

Last year, the FBI reported approximately $1B was stolen from buyers in real estate transactions and there was a 480% increase in inbound complaints. It is the speed at which today’s transactions occur – thanks to a highly distributed mobile workforce, smart technology and wire services – that unlocks commercial real estate’s level of exposure, according to Riccie.

“Criminals are focused on valuable company data, information about each of the parties involved (ie: buyer, seller, tenants) and an entry pipeline into the financial institution/bank providing financing for the transactions,” he said. “Once this information is accessed, hackers take it one step further to gain entry to personal account information that is then sold on the dark web or to other more sophisticated cyber criminals.”

Robert Egan, a partner with Archer Law, urges cyberattack victims to own up to the breach and involve all necessary parties once the break has been discovered. “The potential breach must be investigated to ensure the hackers are out of your system,” he said. “From the onset, it is important to determine your legal obligations and remediate all vulnerabilities to minimize future risks.”

Typically, cyber-fraud headlines focus on financial services, healthcare and retail industry victims. “No industry is immune,” said Tony Sardis, partner and president of Withum Insurance Advisors. “Cybercrime takes on many different forms, from phishing scams and mobile device/computer hacking to inside threats posed by employees.”

To protect one’s company, employees, clients and third-party service providers, Sardis urges all real estate entities to implement certain strategies and tools to combat cyber fraud and promote cyber resiliency. He also has the following suggestions:

  • Acquire cyber insurance from a reputable company for all business activities
  • Require cyber insurance from your subcontractors and vendors
  • Report any breaches to the insurance company immediately upon discovery

Rob Kleeger, founder and managing director of Digital4nx Group, Ltd., also advocates employing certain password and authentication practices. “From encouraging longer pass phrases of at least 12 characters to utilizing password management tools such as LastPass, KeePass and Dashlane and enabling two-factor authentication whenever available, it is advisable to never use the same password on more than one site,” he explained. “It also is advisable to encrypt devices that store PII or confidential data.”

Established in 1974, Withum is a national top-ranking public accounting firm providing advisory, tax and audit services to businesses and individuals on a local-to-global scale. Headquartered in Princeton, NJ, additional offices are located in major financial centers including New York City, NY; Boston, MA; Philadelphia, PA; Washington, DC.; and Orlando, FL. Withum is an independent member of HLB, the global advisory and accounting network. Visit for more information.