Policy Stack

Connected Communities, Shared Responsibility: Managing Cyber Risk

Written by Julianne Goodfellow | Jul 13, 2026

Apartment communities are becoming more connected, and that connectivity is transforming housing operations, resident experience, and the future of rental housing.

Connected systems can support better access control, faster maintenance response, stronger energy management, more seamless resident communication, and more informed operational decisions.

As technology becomes increasingly integrated into every aspect of community operations, it also changes how housing providers, technology partners, and suppliers think about resilience and risk.

The systems that support modern apartment communities may mean that a housing provider owns the asset, a technology partner operates the platform, a supplier maintains the device, and a resident may interact with the system every day.

Digital infrastructure is now inseparable from core business functions in rental housing. Building systems, apartment community management platforms, access controls, smart devices, and emerging technologies are no longer peripheral. They are part of how housing providers serve residents every day. As RETTC's white paper, Cybersecurity in Connected Communities, explains, the expanded ecosystem also introduces more potential entry points for vulnerabilities.

That means cybersecurity is not simply an operational issue. It is also a governance issue, a resident trust issue, and, increasingly, a policy issue.

Connected Communities Create Connected Risk

For years, many organizations thought about cybersecurity primarily through the lens of corporate systems: email, payment systems, employee credentials, business records, and data storage. Those risks still matter. Today's connected communities, however, require organizations to think more broadly about cyber resilience across an increasingly interconnected technology ecosystem.

What happens when access systems are disrupted? What happens when a smart device is misconfigured? What happens when a supplier-managed system creates exposure? Each scenario has the potential to affect leasing operations, resident communications, building systems, or financial transactions.

The answer is not theoretical. RETTC's Cybersecurity in Connected Communities white paper notes that rental housing providers may not view themselves as high-profile targets, but the technologies they rely on are widely used across critical infrastructure. Attackers do not need to target a specific housing provider to create operational, financial, or resident impact.

In a connected environment, risk can enter through many doors. It can come through a corporate network, a resident-facing platform, a smart building system, a remote access pathway, or a third-party supplier. It can involve data or operations, and increasingly it can involve both.

This is especially important because apartment communities rely on operational technology and Internet of Things systems that touch the physical environment. Access control, smart locks, thermostats, lighting, gates, elevators, and building automation systems all help communities operate. They also expand the number of systems that need to be understood, monitored, and governed.

The answer is not to slow innovation. It is to ensure governance, security, and resilience evolve alongside it.

Why This Matters Now

Cybersecurity expectations are rising from several directions at once. Regulators are asking more questions about data protection, incident response, and reasonable security. Insurers are asking more detailed questions about controls, backups, testing, and supplier risk. Investors are paying closer attention to operational resilience. Residents increasingly expect digital convenience without having to understand the systems behind it.

This is where cybersecurity becomes part of the broader technology policy conversation. Privacy, cybersecurity, and artificial intelligence are often discussed separately on Capitol Hill and state capitals, but housing providers and technology companies experience them together. The same systems that support resident services, payments, building operations, and emerging technology also raise questions about data protection, supplier oversight, system resilience, and accountability.

Policymakers need to understand how technology works in real-world housing operations before setting requirements that may affect connected communities. Strong policy should protect consumers and encourage better security while supporting continued innovation and avoiding fragmented or conflicting regulatory obligations that make it harder for housing providers and technology partners to manage risk across multiple jurisdictions.

For RETTC members, that shift matters because cybersecurity increasingly affects procurement, insurance, investor confidence, resident trust, and business continuity. It also affects how quickly an organization can respond when something goes wrong.

Shared Risk Requires Shared Governance

Cybersecurity maturity is ultimately a governance question. Tools, technical controls, and monitoring all matter, but the broader focus is building accountability across the ecosystem.

Do organizations know what systems they have and which systems are most critical? Do they understand supplier dependencies? Do they have a clear incident response plan, and have they tested it? Do legal, communications, operations, executive leadership, and on-site teams understand their roles?

The white paper emphasizes that cybersecurity maturity is not just a technology project. It is a governance and resilience function that requires coordination across operators, suppliers, and regulators. It also identifies Written Information Security Plans, tabletop exercises, post-incident reviews, and scenario planning as practical tools for testing whether people, communications, and incident response processes are ready when they are needed.

That shared approach is essential because cybersecurity is a shared responsibility across the connected technology ecosystem. Housing providers and technology partners alike need confidence that the ecosystem is building and maintaining secure products. Suppliers need clear expectations for access, reporting, and risk management. Residents need to trust that the systems serving them are reliable and secure.

This is also where leadership matters. A fragmented policy environment can make compliance more complex, but it does not change the underlying need for practical governance. Housing providers and technology partners need frameworks that help them understand risk, assign responsibility, and improve over time.

Looking Ahead

Innovation is strongest when it is supported by governance, resilience, and trust. Connected communities can improve housing operations and resident outcomes. They can help housing providers operate more efficiently, residents interact with their communities more easily, and technology partners bring better solutions to market. But those benefits depend on confidence in the systems behind them.

RETTC's Cybersecurity in Connected Communities white paper is intended to help advance that conversation. It provides a practical resource for housing providers and technology partners seeking to understand the threat landscape, assess risk, strengthen governance, and prepare for a more connected operating environment.

Technology is helping transform rental housing. As connected communities continue to evolve, cybersecurity must evolve with them. By strengthening governance, encouraging responsible innovation, and fostering collaboration across the technology ecosystem, multifamily can continue building smarter, more resilient communities that benefit housing providers, technology partners, and residents alike.