At one time, commercial real estate firms were considered less at-risk for cyberattacks, because compared to financial services, healthcare and retail firms, they did not maintain as much personal and intellectual property information. As a result, CRE players have been slow to invest in cybersecurity and insurance for cyber risks.