By using this website, you agree to our use of cookies to enhance your experience.
By Mark Armstrong

Group CEO, Reapit


Cyber-security in 2022: what do agents need to know?

I’m sure most readers would agree with me that cyber-security is vitally important for almost any business, particularly those businesses like estate agencies that manage large amounts of valuable customer data.

The digitalisation of customer information has created an abundance of opportunity for cyber criminals to exploit, and this is a trend that has only accelerated during Covid. Cyber-attacks are now a nationwide issue, and one that impacts estate agencies and their customers just as much, if not more so, given the level of personal finances involved.

A notable cyber-security incident took place in late 2021 that afflicted Simplify Group, which left some of their customers unable to exchange, complete or move home. It was by no means the first property-sector entity to deal with such a crisis, and it won’t be the last. As recent as January this year, we heard from Paul Offley, compliance officer at The Guild of Property Professionals, that “more and more” cyber-attacks on agencies or on companies working within the housing industry were being filed.


With the threat of cyber-attacks on agencies rapidly increasing, cyber-security and maintaining cyber-resilience have never been more important for agencies to protect themselves and their customers, and to maintain trust between all parties. But how widespread is the cyber-attack threat? The answer is quite severe. So, here’s what agents need to know, both about the threats, and a foundation of what can be done to mitigate them.

Cyber-attacks are becoming more frequent

In 2021, two in five businesses (39%) reported having experienced cyber-security breaches or attacks, according to the government’s Cyber Security Breaches Survey 2021, and among the businesses that identify breaches or attacks, over 27% experience these issues at least once a week.

This is a significant problem for small businesses in particular, with the insurers Hiscox reporting that one small business in the UK is successfully hacked every 19 seconds, with businesses of that scale facing an estimated 65,000 attempted cyber-attacks every single day, of which around 4,500 are successful.

Understandably, being affected by a cyber-attack is hugely damaging to consumer trust, particularly when their personal details are on the line. According to one such study by Atomik Research, 33% of UK organisations said that they lost customers following a data breach, and a study from Forrester put this even higher, with their survey finding that up to 38% of UK companies claimed that they had lost business because of security issues.

When this question comes down to consumers themselves, the potential impact is quite notable. Research from PCI-PAL, a secure payments provider, found that 44% of UK consumers claim they would temporarily stop spending with a business after a security breach, and 41% of consumers claimed they would never return to a business post-breach. This only serves to demonstrate how maintaining poor data security practices can have a serious impact on a businesses’ bottom line.

It's not just the loss of customer trust and business that agencies should be afraid of. Failing to report a breach can potentially result in high penalties, with the UK-GDPR and DPA 2018 setting a heavy fine of £8.7 million or 2% of annual global turnover – whichever is greater – for infringements.

Technological challenges require technological solutions

Many businesses still don’t have adequate cyber-security measures in place to protect against hacks or data breaches, and it’s not only the big, corporate enterprises facing security threats (and many still lack adequate cyber-security policies), but small and medium businesses as well. Such dangers to our industry are only becoming more prevalent.

According to the government’s aforementioned Cyber Security Breaches Survey 2021, only three in 10 businesses (31%) have a business continuity plan that covers cyber-security, and only a quarter of businesses (23%) have cyber-security policies that cover home working – this rises among to 62% among medium businesses, and 72% large businesses.

With the increasing interest for work-from-home or hybrid working options among businesses, including agencies, a significant growing risk comes from using personal devices such as mobiles or home computers to perform work functions. According to the government survey, when it comes to using personal devices for work, only 18% of businesses have policies that cover the use of such devices for work, with that figure rising to 53% for medium businesses, and 66% for large businesses.

These statistics only serve to demonstrate the scale of the cyber-security challenge still facing many agencies. Consumer trust is built on the premise that we can look after their data and privileged information. That means that estate agencies, and PropTech, have to double down on their security initiatives and infrastructure in 2022 to ensure that they are as protected as possible against the danger of a breach.

Agencies should first and foremost consider the security initiatives in place within their CRM to boost their cyber-resilience – this is particularly important with more and more agencies using multiple integrations and apps from third parties that might leave them vulnerable to cyber-attacks.

A secure CRM should offer a number of fundamental security infrastructure initiatives for user logins and data handling, such as supplier-authenticated security credentials, SSO with multi-factor authentication, encryption of data-at-rest and in-transit. Partnering with a CRM provider that offers a managed service provider also brings its own benefits for infrastructure and security – outsourcing the responsibility to a provider means that agencies can rest easier knowing that the supplier is centralising and securitising the management of their data through one system, which means fewer doors for a hacker to find their way in.

Having a greater breadth of endpoint security protects an agency’s critical systems, customer data and employees themselves from all manner of phishing, malware, ransomware, and other cyber-attacks. With the threat of severe penalties looming over agencies if they fail to upkeep their security, partnering with a supplier that can offer the security infrastructure at scale (and scalability) for every size of agency means peace of mind that if something goes wrong, the system in place will be sufficient to mitigate any damage as much as possible.

I’ve always believed that technology is a gamechanger that brings with it distinct advantages and growing dangers in the form of cyber-attacks and data breaches. Agencies must be ready to face those dangers because threats are very real and so are the penalties.

Fortunately, the security infrastructure that now exists is equally strong and advancing by the day. Agents that want to secure their data and safeguard their business should ask their CRM supplier what can be done to protect them.

*Mark Armstrong is the Group Chief Executive Officer at Reapit


Please login to comment

MovePal MovePal MovePal