For far too long, headline-grabbing data-privacy breaches at Equifax, Anthem and Target Corp. reinforced a false notion that data security crimes are an epidemic confined to the largest and most visible companies. As brand-name firms hardened themselves to attack, investment managers presuming to “fly under the radar” of cybercriminals failed to bolster their defenses. Today, they’re paying the price. Real estate investment managers have a target on their backs. They house valuable libraries of personally identifiable information (e.g., bank account, Social Security and tax ID numbers), and sit at the center of millions of dollars in daily transactions. Hackers seeking to exploit weak links in an increasingly connected financial ecosystem are targeting these firms with an escalating level of sophistication and aggression.

In first quarter 2018 alone, we have heard several firsthand accounts of successful cyberattacks targeting real estate investment firms. Consider thes