Cyber and Physical Security Convergence
What is it and why is it important?
Cyber and physical security convergence is the future for tackling modern threats. Security convergence refers to integrating previously siloed security functions into one to mitigate vulnerabilities that exist between functions.
For example, this could involve reorganising separate IT and risk management teams into one, to streamline information sharing and incident response.
Did you know…76% of organisations across the United States, Europe, and India say that convergence has strengthened their overall security posture. |
An international survey of chief executive officers, chief security officers, and chief information security officers found that cyber security receives more funding and scrutiny than physical security. As a result, resource discrepancies between the two functions can lead to increased vulnerabilities being exploited by threat actors.
Why converge security?
Despite the prioritisation of cyber security, physical security threats have not disappeared; instead, they have evolved to merge with cyber threats. The interconnectivity between IT systems and physical devices has introduced new risks for both cyber and physical security systems. One report found that 90% of organisations face challenges to their business operations due to cyber attacks threatening their physical security. In 2023, the BBC found that two Chinese manufacturers of surveillance cameras – Dahua and Hikvision – had a cyber security vulnerability enabling hackers to remotely access and control surveillance cameras. As a result, hackers could observe individuals entering passwords on digital devices and gaining access physical spaces.
This potential for physical security to be breached via cyber attacks highlights the need for security convergence aimed at holistically safeguarding organisations.
Advantages of security convergence
- Stronger security posture
Enables a holistic view of security threats targeting the organisation so management can identify and secure physical and cyber assets. - Improved efficiency
Communication, coordination and collaboration reduces duplicative efforts and better prepares organisations for identifying, preventing, mitigating, and responding to threats. - Common goals
A centralised security function aligns security strategies and practices with the organisation’s broader corporate goals, strengthening business continuity.
Ways to implement security convergence
- Bring together cyber and physical security teams to reduce redundancies between functions.
- Establish a structure for team coordination with clear roles and responsibilities.
- Develop joint security policies that reflect integrated cyber and physical security standards.
- Assess cyber and physical linked assets and regularly test for security vulnerabilities.
- Utilise the cloud to manage cyber and physical security systems and monitor incidents in real-time.
In today’s security environment, converged security is required for organisations to future-proof their security and business continuity. Security convergence is a process that does not happen immediately but over time. There is no standardised approach to implementing converged security, so organisations need to work with their cyber advisors and other specialists tailor it to their specific business objectives. We can support your organisation on developing this framework.
More information about Security Convergence
- Cyber security and physical security convergence on the US CISA website.
How can Crowe help?
We offer a wide range of services that can assess your company’s vulnerability to cyber crime from both internal and external perspectives, including using tried and tested frameworks to establish a robust policy framework to address both cyber security and physical security risks. Speak to a member of the Forensic Services team to find out how we can better help your organisation.
