In commercial real estate (CRE), information is often more valuable than the properties themselves. When multi-billion-dollar acquisitions, mergers, financing rounds, and development deals are on the line, the slightest leak of proprietary data can derail negotiations, shift leverage, or expose the company to significant risk.
For CEOs leading large CRE firms or REITs, protecting proprietary data is no longer just an IT responsibility — it is a leadership mandate. The stakes are high, the competition is fierce, and institutional investors expect airtight systems that safeguard every document, model, valuation, and strategy from unauthorized access.
Few leaders have seen these pressures from the inside like Randall Starr, former Co-CEO and CFO of FrontView REIT. His executive experience inside a publicly reporting REIT placed him directly in the gravity center of financial modeling, investor relations, compliance, and operational risk — the exact areas where data security becomes mission-critical.
This article breaks down the CEO’s perspective on risk mitigation and highlights how executives can build a digital environment capable of protecting multi-billion-dollar deals from internal and external threats.
- Why Proprietary Data Is the Lifeline of Major CRE Deals
Large CRE transactions rely on sensitive data that must remain confidential throughout the entire deal-making process. This includes:
- Valuation models
- Debt structures
- Risk forecasts
- Tenant rosters
- Acquisition pipelines
- Development blueprints
- Environmental reports
- Third-party feasibility studies
- Negotiation terms
- Strategic financial assumptions
If any of this information becomes public — or even gets into the wrong hands privately — the consequences can be immediate and severe.
A leaked valuation model could weaken negotiating power.
A compromised debt analysis could shift investor confidence.
A revealed acquisition pipeline could invite competitive interference.
From Starr’s executive vantage point, it was clear that proprietary data is essentially the currency of billion-dollar CRE strategy. Its protection determines whether the deal strengthens the company or exposes it.
- CEOs Must Lead the Security Mindset — Not Delegate It
Traditional thinking treats cybersecurity as an IT function. Modern CRE leadership knows better. In a world where financial models, investor documents, and confidential projections live online, security is as much a business priority as revenue or acquisitions.
A CEO’s role involves:
- Establishing top-down security culture
- Approving digital infrastructure investments
- Setting data access rules
- Coordinating with legal and compliance teams
- Ensuring financial systems are secure
- Enforcing accountability across departments
Starr’s experience inside a REIT highlighted how quickly leadership is judged when transparency, filings, or internal controls appear weak. CEOs set the tone. If leadership treats data security casually, the rest of the organization will follow.
- Multi-Billion-Dollar Deals Require a Zero-Trust Framework
Modern CRE firms are shifting toward a zero-trust architecture, where no user — internal or external — is automatically trusted without verification.
A zero-trust system includes:
- Verification for every login
- Multi-factor authentication
- Limited access based on roles
- Strict permissions for sensitive folders
- Continuous activity monitoring
- Encrypted communication channels
In high-value CRE transactions, the biggest risks often come from:
- Poor access controls
- Old logins that were never disabled
- Overly broad internal permissions
- Shared email attachments
- Staff accessing files outside their scope
Zero-trust eliminates these vulnerabilities. CEOs who understand the intensity of multi-billion-dollar negotiations know that security must begin at the identity level — not the firewall level.
- Secure Deal Rooms: The New Standard for Large CRE Transactions
The days of emailing confidential PDFs back and forth are gone. For major CRE deals, CEOs are increasingly requiring the use of secure digital deal rooms — encrypted environments where documents are shared safely.
A proper deal room offers:
- Secure uploads
- Permission-based access
- Document expiration and remote revocation
- Automatic watermarking
- Download restrictions
- Real-time tracking of who viewed what
- Audit logs to support compliance
- Version control for sensitive files
Starr’s insider exposure to board-level, investor-level, and regulatory documents made it clear how dangerous traditional sharing methods can be. One forwarded email or unsecured file storage system could compromise months of negotiations.
Deal rooms provide the structure, accountability, and protection that CRE CEOs need to move large transactions forward without fear of leakage.
- Protecting Financial Models Is a Top Priority
Financial models are often the most sensitive documents in any CRE deal. They include assumptions, pricing logic, risk scores, and profitability projections that competitors would love to see.
To protect financial models, CRE leaders must ensure:
- Models are stored in encrypted systems
- Access is restricted to authorized users
- Downloads can be disabled
- Shared versions are watermarked
- External partners must sign digital NDAs
- Change logs are tracked automatically
Starr’s tenure overseeing REIT financial strategy revealed how easy it is for assumptions or projections to be misused if exposed. These models are not just spreadsheets — they are strategic blueprints.
- Cybersecurity Must Match Financial Scale
A multi-billion-dollar CRE firm cannot survive with the cybersecurity of a mid-sized business. The systems must match the value of the deals they protect.
Strong cybersecurity for CRE firms includes:
- Regular penetration testing
- External cybersecurity audits
- Network segmentation
- AI-driven threat detection
- Secure mobile access
- Strong password policies
- Encrypted internal communication tools
- Off-site backups for all critical data
Starr’s experience dealing with sensitive filings and internal coordination underscored an important truth: hackers target financial and real-estate companies because the payoff is massive.
CEOs who fail to match risk with infrastructure expose their companies to consequences that go far beyond financial loss — including reputational damage and legal scrutiny.
- Institutional Investors Look for Security Discipline
Institutional investors examine a CRE firm’s digital infrastructure just as closely as its balance sheet. They want to invest in organizations that protect their information as seriously as they protect their capital.
They evaluate:
- How documents are stored
- How sensitive information is shared
- Whether compliance trails exist
- How leadership responds to risk
- Whether systems are modern and secure
A REIT or CRE firm that lacks robust digital controls sends a dangerous signal: if the company cannot secure its own data, it may not be able to secure investor capital either.
Starr’s experience in investor-facing roles made this painfully clear. Investors reward companies that operate with transparency and disciplined internal controls — both of which depend on strong digital systems.
- Leadership Transitions Increase Security Vulnerabilities
Leadership changes, board updates, and executive transitions create windows where data risk increases significantly.
CEOs must ensure:
- Immediate revocation of old credentials
- Secure transfer of digital assets
- Protection of board communications
- Updated access rights for sensitive folders
- Reviewed and renewed NDAs
- Monitoring for unusual activity
During these moments, competitors, opportunists, or internal actors may attempt to access valuable information. A strong digital system reduces those risks dramatically and stabilizes operations during potentially sensitive periods.
- The Human Element: Employee Behavior Is the Weakest Link
Even the most secure digital systems can be compromised by human mistakes:
- Forwarding documents to personal email
- Weak passwords
- Using public Wi-Fi during negotiations
- Sharing confidential files on collaboration tools
- Leaving devices unlocked
- Saving files on unsecured USB drives
This is why CEOs must support:
- Mandatory security training
- Routine refreshers
- Simulated phishing tests
- Strict device policies
- Clear consequences for violations
Risk mitigation is not only about software — it’s about habits, discipline, and culture. Starr’s leadership experience highlighted this as a recurring theme across REIT operations.
- Protecting Proprietary Data Protects Deal Leverage
A CRE firm’s greatest advantage in major deals is its information advantage. When this information is compromised:
- The firm loses leverage
- Counterparties gain insights they shouldn’t have
- Negotiation positions weaken
- Valuation logic can be reverse-engineered
- Competitors can interfere in acquisition pipelines
Protecting proprietary data is not a defensive strategy — it is an offensive one. It strengthens negotiations, supports better pricing, and ensures that the company retains control of the narrative throughout the deal process.
Final Thoughts: In CRE, Data Security Is Deal Security
Multi-billion-dollar deals are built on trust, secrecy, and precision. A CRE firm may have strong assets, great leadership, and a compelling strategy — but if its data protection is weak, everything else becomes vulnerable.
A CEO’s role is to ensure that:
- Proprietary data is protected
- Access is controlled
- Systems are modern and secure
- Deal rooms are encrypted
- Compliance is airtight
- Employee behavior reinforces security culture
Starr’s experience inside a publicly reporting REIT reaffirms a central reality:
In commercial real estate, the protection of proprietary data is the protection of enterprise value.
The companies that understand this — and invest heavily in digital risk mitigation — are the ones that close the biggest deals with confidence and credibility.
