As facilities management becomes increasingly digital, the very systems designed to optimise buildings are creating new vulnerabilities. From building management systems (BMS) and energy controls to cloud-based CAFM software and IoT-enabled sensors, the modern estate is now a fully connected network, and a growing target for cyber threats…
Cybersecurity is no longer the exclusive domain of IT departments. For FM leaders attending the FM Technology Forum this month, protecting connected estates has become a core operational and reputational priority.
The Expanding Attack Surface
Smart buildings rely on a complex web of technologies: HVAC systems controlled remotely, lighting managed through apps, and sensors monitoring occupancy, energy use, and maintenance needs. Each connection point improves efficiency but also increases exposure.
A single compromised device or unsecured network can provide a gateway for attackers to access wider systems, including corporate networks. High-profile breaches in recent years have shown how cybercriminals can exploit poorly secured building systems to cause significant operational disruption, data theft, or even safety risks.
As estates grow smarter, the attack surface expands, and FM teams must work proactively with IT and security colleagues to mitigate those risks.
Shared Responsibility for Security
The convergence of operational technology (OT) and information technology (IT) means cybersecurity can no longer sit in silos. FM teams now play a key role in ensuring that systems are configured securely, suppliers meet compliance standards, and staff follow safe digital practices.
Best practice starts with asset visibility, knowing exactly what devices and systems are connected, and where vulnerabilities exist. From there, FM leaders should prioritise:
- Regular software updates and patching for BMS, IoT sensors, and control systems.
- Network segmentation, keeping building systems separate from core IT networks.
- Supplier due diligence, ensuring vendors meet cybersecurity standards such as ISO 27001.
- Access controls, granting permissions only to authorised personnel.
- Incident response planning, aligning building operations with wider organisational resilience frameworks.
Securing the Cloud and CAFM Ecosystem
With many FM platforms now cloud-based, data protection and system integrity are critical. Providers offering CAFM, IWMS, and energy monitoring software should demonstrate robust encryption, secure APIs, and transparent compliance with GDPR and UK data protection standards.
Smart Buildings, Smarter Defences
As FM software becomes more intelligent, so must its security. The organisations leading in 2026 will be those that view cybersecurity not as an add-on, but as integral to building performance, safety, and sustainability.
By embedding security into every connected system and process, FM leaders can protect their estates, and their reputations, in an era where digital infrastructure is just as important as physical.
Cybersecurity Checklist for FM Leaders
- Map Your Digital Estate
Identify all connected systems, from HVAC and lighting to sensors and CAFM platforms, to understand where potential vulnerabilities exist. - Enforce Regular Patching and Updates
Ensure all FM and building management software, IoT devices, and control systems receive timely updates to close security gaps. - Segment Networks
Keep operational technology (OT) networks separate from corporate IT systems to contain potential breaches and limit lateral movement. - Vet Your Suppliers
Require cybersecurity certifications (e.g. ISO 27001, Cyber Essentials) and transparent data-handling policies from all technology and maintenance partners. - Control Access Rigorously
Apply the principle of least privilege, so only authorised personnel should have access to building systems and management software. - Plan for Incidents
Develop and test a joint incident response plan with IT and security teams to ensure quick recovery from any cyber event.
Are you searching for FM Software solutions for your organisation? The FM Technology Forum can help!
Photo by Christina @ wocintechchat.com on Unsplash
