Cushman & Wakefield operates a sprawling real estate services infrastructure spanning 400 offices across 60 countries with roughly 53,000 professionals. The firm handles commercial property management, asset management, brokerage, and site selection advisory - essentially managing real estate operations at scale for enterprise clients who need boots on the ground in multiple jurisdictions simultaneously. That distributed footprint creates the standard security surface: thousands of endpoints, legacy systems inherited from its 2015 DTZ merger, and constant data flows between local offices and centralized platforms.
The business model centers on handling high-value client assets and transaction data - site selections, portfolio analytics, lease negotiations, property evaluations. This means exposure to financial information, proprietary client strategies, competitive bidding details, and sensitive operational data across multiple verticals. A publicly listed company (NYSE since 2018) with over $10 billion in annual revenue, Cushman & Wakefield faces regulatory compliance requirements around data handling, audit trails, and controls that scale with institutional client expectations.
The firm's 1917 founding as a small family business and subsequent growth to enterprise scale means its infrastructure likely reflects that history - patchwork integrations, systems spanning different eras of security maturity, and business units with varying levels of technical sophistication. Global operations inherently complicate threat models: regulatory fragmentation across jurisdictions, time-zone-distributed incident response, and the difficulty of enforcing consistent security posture when local offices have operational autonomy.