Building and digital risk: putting the ‘G’ into ESG
It has been well documented that an increased use of data and technology is providing enormous benefits to business, society and the planet.
So far, much of the discussion around ESG in the property sector has focused on the environmental element, which is understandable given the huge impact buildings have on global emissions. However, it is vital that in this increasingly digital age we don’t overlook the governance side of things. Indeed, as we see a surge in technologies being used in buildings and in decision-making with regard to them, the need to focus on how we govern them becomes even more important.
The way that buildings operate is changing to include many more factors, and this is neatly summarised by the new RICS International Building Operation Standard. It identifies five pillars by which building operation should be considered: functional, economic, sustainable, performing and compliant.
It has been well documented that an increased use of data and technology is providing enormous benefits to business, society and the planet.
So far, much of the discussion around ESG in the property sector has focused on the environmental element, which is understandable given the huge impact buildings have on global emissions. However, it is vital that in this increasingly digital age we don’t overlook the governance side of things. Indeed, as we see a surge in technologies being used in buildings and in decision-making with regard to them, the need to focus on how we govern them becomes even more important.
The way that buildings operate is changing to include many more factors, and this is neatly summarised by the new RICS International Building Operation Standard. It identifies five pillars by which building operation should be considered: functional, economic, sustainable, performing and compliant.
Technology can help with all of these pillars, and crucially IBOS identifies some of the data points that should be used in measuring performance. However, it also highlights the importance of digital risks, stating “…it is also important that the digital risks to the building and users are considered, and that the data collected is used in an ethical way. A professionally managed building should aim to have a documented register of the largest digital risks it faces, and the steps that can be taken to manage them”.
So, what are these risks and what should we do about them?
Technology failure
The most obvious digital risks in a building are related to the technology in the building failing, such as the electricity going off, the Wi-Fi not working or something as simple as forgetting a password to access a building management system.
As the operation of a building becomes more technology-dependent, then its ability to work seamlessly is essential. If the system that manages door entry stops working, how do you get into the building to fix it? An “internet of things” without the internet becomes just a collection of expensive “things”.
The next layer of digital risks is the more technical kind, and perhaps less obvious at first glance – for example, risks relating to how building data is collected and stored, or the risk of a cyber-attack on the building itself. Buildings are becoming digital platforms and so, in the same way that we have seen a rise in cyber-attacks on websites and digital devices in the past, so we will see incidents in buildings in the future.
Finally, the last set of risks, which are rarely considered in a building context but no less crucial, have a more external or human focus. To give some context, we have seen three high-profile examples in recent months:
External technology providers – last year, conveyancing and property services group Simplify’s IT systems were breached, which stalled thousands of housing transactions in the UK. There are many advantages of using external tech suppliers, and sometimes things go wrong which are unavoidable. However, getting on the front foot ensures that these risks can be highlighted in advance and the right conditions put in place to avoid or at least minimise future problems arising from the use of technology managed externally.
Technology transparency – in 2021, WhatsApp was fined €225m (£190m) by Ireland’s data watchdog. While WhatsApp is appealing the fine and the issues involved are complex, at the heart of this fine was not so much the misuse of data, but the lack of transparency to users about how the data was used. How many building owners or managers can say that they are actively transparent about how the data they collect in their buildings is used?
Fake news – fake news became a mantra in recent years relating to politics, but the ability to create ever more convincing artificial data and insights is growing rapidly at the very same time that we are increasingly reliant on external data and insights. This is a significant problem that we face in the next decade. Two years ago, a performance artist was shown to be manipulating Google traffic data, and last year “Deep Tom Cruise” provided very convincing anecdotes that appeared to be from the actor himself. Both of these examples are for entertainment’s sake, but as our building decisions, and those of our stakeholders, become more reliant on external data, it is vital that we can identify the risks that manipulated data poses and are able to manage them.
A growing use of technology in buildings is essential, but as we move into this more digital age, and against the backdrop of ESG, we must ensure that the buildings we own, occupy and manage are sufficiently governed.
The first step towards strong digital governance is to identify and consider the digital risks that your building faces. Preventing the problems arising from the risks that we face is often relatively easy and inexpensive – dealing with them in retrospect is usually very complex and expensive.
Dan Hughes is the founder of Alpha Property Insight
Photo © Gerd Altmann/Pixabay
