From ‘If’ to ‘When’: Key Cybersecurity Lessons from the BE News Spotlight Event

Cybersecurity is no longer about if something goes wrong, but when. That message rang loud and clear at the BE News Spotlight on Cybersecurity event, which technologywithin was proud to sponsor.

Througout the discussion, one theme consistently emerged: the industry needs to shift its mindset. Away from hypothetical risk. Towards operational readiness.

The panel returned to the same key fundamentals:

• Plan for it
• Test it
• And pay attention to the questions you can’t answer, because that’s where the real risk sits

Preparation isn’t optional. Readiness is everything.

Huge thanks to BE News and Liz Hamson for hosting and moderating such a valuable discussion, and to the brilliant panel for their insights shared. The event was hosted at The Stables MYO, an amazing location and a great setting for a practical, honest conversation. 

Liz Hamson was joined by a panel bringing together perspectives from across real estate, legal, cybersecurity and technology. 

Panellists included Martin Whitaker, Development Director at technologywithin; Stuart Davey, Partner at Pinsent Masons; Andy Broad, Head of Cyber Security at Landsec; Caitlin Egen, Global Director of Digital and Cyber at Control Risks; Sanjaya Ranasinghe, VP at WiredScore; and Louise Methven, Compliance & Cyber Security Director at Ark Data Centres. 

Flex is catching up, but standards still lag

Martin Whitaker, Development Director at technologywithin, reflected on how cybersecurity awareness in the flexible workspace sector has grown as more enterprise occupiers move into flex environments.

But maturity still lags behind other industries.

“Too often, the risks come from simple human error – shared Wi-Fi passwords, poor access management, and failing to remove access for guests or former employees. Most breaches don’t start with hackers, they start with bad habits.”

He also warned about outdated authentication methods such as MAC address authentication, which grants network access based on a device’s unique hardware identifier. While it’s often seen as a simple way to assign users to private networks, MAC addresses are easy to discover and spoof.

“With basic tools, someone can impersonate another device and drop straight into a private company network. It’s a low-effort, high-impact attack exploiting basic weaknesses.”

The threat landscape is broader than cyber alone

Cybersecurity can no longer be separated from physical security.

Martin outlined three main sources of risk in flexible workspaces:

Inside the building: unintentional access from guests, contractors or former employees
Outside, targeting the weakest link: fragmented responsibility between landlord, operator, tenant and tech provider creates gaps
The convergence of digital and physical risk: from compromised access cards to unsecured Wi-Fi and vulnerable smart building systems

“Attackers don’t target the strongest door,” Martin said. “They target the one that’s left unlocked.”

Why flex operators are uniquely exposed

Flex spaces are uniquely exposed, with multiple companies, shared infrastructure and transient users create a perfect storm for security gaps if the technology and processes aren’t designed properly.

High user turnover means people are constantly joining and leaving networks. Multiple physical and digital access points increase the attack surface. Shared networks connects dozens of businesses under one roof, often alongside highly sensitive tenant data. On top of that, operators rely on complex ecosystems of third-party vendors for connectivity, access control, apps and building systems.

“Compromising one trusted provider can open the door to dozens of buildings at once,” Martin warned.

And Wi-Fi is one of the most underestimated attack surfaces.

“Shared passwords or device-based authentication feel simple, but they’re one of the easiest ways to hand attackers the keys to your digital front door.” Martin added.

AI, smart tech and the ‘perfect storm’

Flex spaces are uniquely exposed, with multiple companies, shared infrastructure and transient users create a perfect storm for security gaps if the technology and processes aren’t designed properly.

Wi-Fi being one of the most underestimated attack surfaces.

“Shared passwords or device-based authentication feel simple, but they’re one of the easiest ways to hand attackers the keys to your digital front door.” Martin added.

What ‘good’ looks like in modern flex

From technologywithin’s perspective, modern cybersecurity must be built on non-negotiables:

• Full VLAN segregation for every customer
• Enterprise-grade wireless encryption
• 2FA across all management systems
• Full audit trails for system changes
• Carrier-grade DDoS protection

“These aren’t nice-to-haves,” Martin said. “They’re the baseline for enterprise trust.”

Cybersecurity as a competitive advantage

Strong cybersecurity is not just a cost. It’s a growth strategy.

“Security-conscious tenants choose operators who protect them,” Martin said. “In crowded flex markets, trust is a differentiator.”

A secure, enterprise-grade network can:

• Attract higher-value occupiers
• Unlock enterprise demand
• Justify premium pricing
• Reduce churn and reputational risk

“Yes, cybersecurity requires investment,” he concluded. “But not investing could prove far more expensive in the long run.”

So, where does the industry go from here?

Martin expressed optimism that 2026 will mark a turning point as the year the built environment industry truly wakes up to the scale of the threat.

“Awareness is growing, but action still lags. Those who invest now in people, processes and technology won’t just avoid breaches, they’ll gain a competitive edge.”

Are you ready for when, not if?

If you operate or manage flexible workspace and can’t confidently answer how your network is secured, who has access, and how risks are monitored day to day, that’s your starting point.

At technologywithin, we help operators assess their current setup, identify real vulnerabilities, and design secure, enterprise-grade networks built for flex workspaces.

It’s time to plan for when, not if. Reach out here.