Commercial Appraisals: The Role of Cyberattacks in Assigning Value
May 25, 2017
Should a cyberattack be a considered factor when assigning value in appraisals?
Cyberattacks are a well-known risk to individuals and businesses alike. The fact that someone could invade a business’ IT system or any other digitally-connected device and access company data and financial transactions is a serious risk. But should you factor in the risk and security that’s been put in place to combat cyberattacks?
Commercial Real Estate and the Risk of Cyberattack
Cyberattacks in general are increasing, and no business is immune. In 2016, there were eight major ones that Forbes identified as some of the largest attacks in history, and a survey by Deloitte found that cyberattacks are a top concern for nearly 75% of corporate executives. Most people are aware of the major cyberattacks against retail giant Target and search engine company Yahoo, but fewer think about them affecting commercial real estate organizations.
The truth is, though, that commercial properties – and those who own or manage them – are vulnerable to any number of attacks. Many business systems for office suites and other commercial properties are managed and controlled remotely, and on-site managers may not take the precautions necessary to protect the properties they oversee.
Commercial real estate companies may not be making the headlines for cyberattacks, but the businesses contain a wealth of data assets that make them a solid target for people looking to inflict harm. Security measures must be implemented, and company leadership needs to assess how their existing technological practices may leave them vulnerable to cyberattack.
Cyberattacks and Appraisals
The role of the appraiser is to produce a credible estimate of a commercial property’s market value. That can get complicated when considering the risk of cyberattack. Does a cyberattack fall under the definition of a hypothetical or extraordinary assumption and, if so, should it impact the value of the property?
When a property derives much of its value from the rental rates received, what happens if those rents can’t be collected? Failures from a cyberattack can hurt not only cash flow, but reputation and therefore leasability of properties.
Heightened awareness of the risk of cyberattacks has forced owners and managers of commercial buildings to incorporate security enhancements in an effort to counter such activity. Likewise, appraisers need to consider not only the risk of attacks, but the impact of security measures on a property. If the threat of cyberattack is real, is it quantifiable? And if so, do security measures make a property more valuable than one without them?
The commercial appraisal industry is just beginning to understand cyberattacks and what role they, and the security measures put in place to thwart them, play in assigning value. What’s known for certain is that no industry is safe from a cyberattack. The topic will require continued assessment and vigilant planning. At a minimum, the appraisal industry needs to have conversations about the risks and whether to consider them, and protection measures a property owner or manager has in place, when assigning value to a commercial property.