Networked devices are increasing the cyber-attack risk for smart buildings, according to market research firm Verdantix.

It is calling on firms to reboot their building operations security strategies, and says building managers need an integrated approach with IT professionals and clear lines of responsibility.

Companies face an increasing but under-recognised threat from cyber attacks on building systems and facilities managers need to act now with IT professionals to address the issue, it warns.

In a report, it highlights how a sharp rise in the number of connected devices across building systems mean the operational technology (OT) used to run facilities creates a growing risk of cyber attack. Connected OT networks are converging with their IT counterparts, blurring traditional lines of responsibility for cyber security, just as ageing building systems require replacement, and the number of attacks rises.

Without sufficient security controls, Verdantix warns, these systems are introducing significant risks and more entry points for cyber criminals to exploit. The past five years have seen a massive explosion of IoT sensors and smart devices deployed with firms frequently selecting these smart devices based on cost and functionality, resulting in facilities having many devices with poor inbuilt cyber-security controls.

Cyber attacks aimed at IT systems cost businesses $945bin in 2020, it is estimated, through damage to data and systems, lost productivity, and theft of money, intellectual property and personal data despite $145bn in cyber-security expenditure.

The “Best Practices: Enhancing Your Smart Building Cyber Security Programme” report found firms were not aware of the full extent of their risk exposure from their OT, as they often do not keep registers of connected devices, or the level of cyber-security protection provided.

Compiled after interviews with experts from the cyber-security, IT and building technology sectors, the report shows how companies can adapt. The publication comes as more connected devices via the IoT transform the landscape, but just 32% of firms evaluate IoT security risks as part of the onboarding process for third parties and just 54% run penetration tests on their IoT devices.

“The first step for rebooting a smart building cyber-security strategy is defining clear responsibilities and embedding cyber management into facilities operations across procurement, technology management and staff training,” said Rodolphe D’Arjuzon, global head of research at Verdantix. “Facilities managers should not develop a siloed cyber programme on their own, but rather partner with their IT and security peers to integrate cyber security into different building management processes.”