Security

85% of All Cyber Crimes Go Unreported

Copy article link
As we continue to drive connected technology into buildings, we are experiencing a steady rise in the number of cyber attacks and a growing concern about the vulnerability of smart buildings. However, as much as 85% of all cyber crimes go unreported, according to the US Department of Justice (DOJ), meaning the scale of the problem is far greater than most people realize. Due to the lack of cyber security skills in buildings and low confidence in law enforcement to tackle individual cases, we are not getting the full story on cyber crime in smart buildings. “These statistics indicate that many organizations are either unable or unwilling to effectively report on the scale of their cyber security problem. Information about the disclosed incidents can be limited since many of the affected organizations are unaware of how threat actors managed to get initial access,” reads our latest research. “Many observers also point to the rising incidence […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

Want a Corporate or Group subscription? Get in touch.
Email us at: support@memoori.com

As we continue to drive connected technology into buildings, we are experiencing a steady rise in the number of cyber attacks and a growing concern about the vulnerability of smart buildings. However, as much as 85% of all cyber crimes go unreported, according to the US Department of Justice (DOJ), meaning the scale of the problem is far greater than most people realize. Due to the lack of cyber security skills in buildings and low confidence in law enforcement to tackle individual cases, we are not getting the full story on cyber crime in smart buildings.

“These statistics indicate that many organizations are either unable or unwilling to effectively report on the scale of their cyber security problem. Information about the disclosed incidents can be limited since many of the affected organizations are unaware of how threat actors managed to get initial access,” reads our latest research. “Many observers also point to the rising incidence of successful ransomware attacks as a key reason why so many incidents go unreported. While the official advice for firms hit by ransomware attacks and other forms of cyber extortion is to report the incident rather than pay up, many organizations instead choose to pay the ransom.”

In an investigation of 623 ransomware incidents across the EU between May of 2021 and June of 2022, the European Union Agency for Cyber Security (ENISA) found that in 94.2% of incidents, it was never disclosed whether the company paid the ransom or not. Companies clearly remain understandably reticent to admit when they have been successfully extorted due to the reputational damage it might cause if the truth gets out. While operators of some critical infrastructure are now legally bound to report on cyber breaches of their systems, this nature does not typically extend to owners and operators of commercial buildings, leaving an uncertain cyber security landscape for many, if not most, smart buildings.

Given the current situation, we neither have substantial metrics to measure the extent of this problem nor an assessment of the efforts taken to counter it. the magnitude and costs of cyber crime, and what we are seeing reported on and discussed in the media may well be the tip of the iceberg,” explains the new research report. “Without more accurate metrics on the scale and volume of successful attacks, law enforcement actions taken against cyber criminals, and the impact these actions have on combating the threat, it will continue to be difficult for policymakers to make decisions about needed policy changes in order to assess the adequacy of current public policy approaches.”

More and more countries are emphasizing the importance of vulnerability disclosure through the regulatory process. In the US, the Cyber Incident Reporting for Critical Infrastructure Act, signed into law in March 2022, requires critical infrastructure companies to report cyber security incidents to the Cybersecurity and Infrastructure Security Agency (CISA). And, the European Union Agency for Cyber Security (ENISA) has published a map of national Coordinated Vulnerability Disclosure (CVD) policies aimed at helping EU States establish their national CVD policies as well as offering legal protection to security researchers involved in vulnerability discovery.

“The regulatory push to improve cyber breach notification laws is gathering steam in several countries. These regulations compel organizations affected by a data breach, to notify their customers and other parties about the breach, as well as take specific steps to remedy the situation,” explains our in-depth 2022 cyber security market report. “Although several of the regulations governing breach disclosure have limited scope or remain in the development stage, building owners should begin taking steps now to ensure future compliance.”

Whether unaware of the breaches or hiding them to limit liability, the issues around cyber crime discovery and disclosure is concealing the true scale of the problem and holding back solutions. While greater education and awareness of the need for disclosure is fundamental to the future of smart building market growth, the acceleration of cyber crime during the pandemic and the scale of undisclosed breaches demands action. Supportive regulation and broad implementation may now be the only way to stop the rot and protect the future of the smart buildings market.

Most Popular Articles

Mapspeople Results 2023
Smart Buildings

MapsPeople Indoor Mapping Business & 2023 Financials Examined

In this Research Note, we examine MapsPeople, a Danish public company providing indoor mapping and navigation software. This analysis, covering their latest financial results, channel and vertical market focus, PointInside acquisition, and 2024 outlook, updating our previous Research Note in May 2023. Founded in 1997, MapsPeople is a subscription-based SaaS company based in Nørresundby, Denmark […]

Smart Construction Procurement
Smart Buildings

Smarter Buildings Demand Smart Construction Procurement

“There is a rot at the core of how construction is procured and it begins with clients and main contractors. We are already at the bottom, as can be seen in cruel black and white by the failures of large main contractors throughout 2023. Something has to change!” proclaimed Mike Wharton, chief executive of Complete […]

SmartSpace Software Acquisition by SignIn Solutions
Smart Buildings

What’s Behind the Acquisition of SmartSpace Software by Sign In Solutions?

This Research Note examines what’s behind the acquisition of UK-listed company, SmartSpace Software by visitor management software firm, Sign In Solutions, agreed by the shareholders on 18th April 2024. We review the bidding war started by Skedda, assess the terms of the offer, and highlight the respective businesses in workplace management solutions. Competing Bids On […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy