A new Royal Institution of Chartered Surveyors (RICS) report, published on 30 June 2025, warns that 27% of UK businesses—up from 16% the previous year—were hit by cyber attacks in the past 12 months. Based on a survey of more than 8,000 building and facilities professionals, the report highlights increasing risks linked to smart-building technologies and outdated systems, including networked devices, access systems and unsupported software.
You can read the full RICS paper here: Digital Risks in Buildings – RICS.
Who Are RICS—and Why Should Businesses Take Notice?
The Royal Institution of Chartered Surveyors (RICS) is a leading UK professional body for the property, construction and infrastructure sectors. While not typically associated with cybersecurity, RICS members are often involved in specifying, installing and maintaining the systems that underpin today’s connected workplaces.
Importantly, many RICS members work in or with small and mid-sized firms—similar to the businesses Dr Logic supports every day. Their findings offer a valuable window into the day-to-day vulnerabilities that often go unnoticed in modern office environments, including rented workpaces.
Hidden Risks: It’s Not Always the Server Room That’s the Problem
A key message from the report is that cyber threats often originate in areas that businesses overlook. For instance, smart CCTV systems—commonly installed by third parties—are often left running on default settings or outdated firmware, and may be accessible remotely without proper controls.
This might not apply to every firm, but it highlights a broader issue: security weaknesses frequently exist outside the systems traditionally managed by IT teams. A forgotten admin account, an unsupported Windows machine, unchanged default login credentials, or a hastily configured remote access tool can all create risk if left unchecked.
Why This Matters Now
As businesses embrace hybrid working and adopt more connected technologies, the potential attack surface continues to grow. Without structured oversight and consistent security standards, even a minor piece of infrastructure could present a serious risk.
Earlier this year, Marks & Spencer had to suspend online orders for almost seven weeks following a cyber incident—underlining just how disruptive a single point of failure can be.
What Can Businesses Do?
Dr Logic recommends a proactive and joined-up approach to infrastructure risk:
- Audit your full technology estate—including connected devices, building systems and overlooked endpoints
- Retire or update unsupported systems, such as Windows 7 or 8
- Review remote access tools to ensure they meet current security standards
- Deliver regular cyber-awareness training to all staff
- Build security into facilities planning and office upgrades—not just IT projects
How Dr Logic Can Help
We help businesses identify and address vulnerabilities across their full working environment—not just their laptops and servers. Dr Logic offers:
- Strategic infrastructure reviews
- Ongoing monitoring and patching
- Support for modernising legacy systems
- Practical training for day-to-day security awareness
If your infrastructure hasn’t been reviewed recently, now is the time. Even small gaps can create serious risks—especially in places you may not have considered.
