Facilities management is undergoing a quiet but consequential transformation. According to Johnson Controls’ 2026 AI and Digitalization in Facilities Management Report — which surveyed 760 U.S. business leaders and 260 facility managers (FMs) — organisations are rapidly deploying artificial intelligence to optimise building performance, reduce energy costs and strengthen physical security. Yet the same report signals that cyber risk and integration failures threaten to cap those gains before they are fully realised.

The sector’s enthusiasm for AI is well-founded, but its execution remains precarious. Adoption is now widespread — 65% of business leaders and 67% of FMs report already using AI for facility operations — yet the critical enablers of integration, security governance and data quality continue to lag behind the pace of deployment. Three structural weaknesses demand urgent attention: the primacy of cyber risk as both a barrier to AI expansion and a direct threat to operational uptime; the fragmentation of technology ecosystems that prevents organisations from extracting full value from their investments; and the growing misalignment between facilities teams’ expanding responsibilities and the resources available to meet them.

Cybersecurity has moved from a peripheral concern to a central constraint in facilities management. The Johnson Controls report finds that 22% of business leaders cite data privacy and cybersecurity as the single biggest obstacle to expanding AI use — outranking budget constraints, skills shortages and resistance to change. Cyber attack risk is also ranked the top threat to equipment performance and uptime by 22% of respondents, ahead of ageing infrastructure and budget limitations. This is consistent with broader industry intelligence: according to Claroty’s 2023 State of CPS Security report, 75% of critical infrastructure organisations experienced a cyberattack in the prior 12 months, with operational technology (OT) environments increasingly in the crosshairs.

The implications for FM leaders are direct. As building systems grow more connected and the boundaries between IT and OT dissolve, facilities teams bear responsibility for a threat landscape once managed exclusively by IT departments. Reactive security postures are no longer viable: the cost of unplanned downtime or a breach of connected building infrastructure now extends well beyond the facilities function, spanning supply chains, compliance obligations and reputational risk.

The integration problem runs deeper than most technology roadmaps acknowledge. The Johnson Controls data shows that 33% of business leaders identify ease of integration as the single most desired improvement to their workplace management systems — ahead of cost, reliability and ease of use. For FMs, data quality and integration challenges rank as the leading barrier to AI expansion. Fragmented systems prevent the cross-platform data flows that give AI its predictive power, and when building management, energy monitoring and security platforms cannot communicate, AI-driven insights lose both accuracy and actionability. Gartner has consistently warned that organisations operating siloed digital infrastructure are slower to act on operational intelligence and more exposed to efficiency losses.

The resource gap facing FM teams is widening at precisely the wrong moment. The Johnson Controls report reveals that 72% of FMs say labour shortages have a moderate to severe impact on their ability to meet operational goals, whilst more than 19% identify budget constraints as their top challenge. Rising energy costs, ageing assets and deferred maintenance are compounding these pressures. The conditions that make AI adoption most necessary — stretched teams, complex systems, limited budgets — are the same conditions that make successful AI implementation hardest to achieve.

Resolving these structural tensions requires coordinated action at the leadership level. Organisations should consider the following priorities:

  • Adopt security-by-design for all AI deployments, embedding zero-trust architecture and privacy-by-design principles from the outset rather than retrofitting them after incidents occur
  • Establish joint FM-IT governance structures that treat OT and IT cybersecurity as a shared, board-level responsibility, with unified risk frameworks and regular cross-functional audits
  • Prioritise interoperability in vendor selection, demanding open-standard APIs and clear integration roadmaps so that new AI tools connect with existing systems rather than adding to fragmentation.
  • Quantify downtime and breach costs in financial terms to make the business case for greater FM investment in a language the C-suite will act on.

The direction of travel in facilities management is clear: AI-driven predictive maintenance, energy optimisation and physical security will define operational excellence in the years ahead. Yet the Johnson Controls findings serve as a necessary corrective to uncritical optimism — the gap between AI adoption and AI value is real, and it is widening where cyber risk and integration failures go unaddressed. Organisations that treat security and interoperability as foundational investments rather than afterthoughts will be best placed to turn connected buildings into genuine competitive assets.

(The views expressed by the writer are his/her own and do not necessarily reflect the views or positions of BusinessRiver.)