Only about 1 in 10 (11 percent) organizations have integrated their physical security and cybersecurity teams into one unified department, while more than half (52 percent) of physical security teams say they infrequently interact with their cyber counterparts, according to a new report.
These findings and more are from a survey conducted by Constella Intelligence that was commissioned by ASIS International. The report reveals that organizations are confronting a staggering increase in threats against employees, executives and physical locations. Amid tensions exacerbated by political, social and economic issues, cyber-physical threats constitute considerable vulnerabilities for organizations.
The report showcases the perspectives of more than 300 security professionals within the ASIS community at companies spanning 19 industries and five regions. Organizations surveyed range from 50 to more than 50,000 employees.
Reported risks included increased threats against physical facilities, co-workers and activism-related threats against business practices, while top security priorities included protecting organizations from disgruntled employees or customers, active shooter incidents and travel risks for executives. Despite these risks, nearly 61 percent of organizations surveyed said they do not proactively monitor the dark web for early indicators of emerging threats. Current practices are widely reactive as most organizations only respond to threats after they arise.
During the recent GSX 2022 conference in Atlanta, Constella Intelligence presented four key insights from the survey, including:
- Companies are facing increased physical security threats which are tied to the convergence of digital and physical risk;
- physical security and cybersecurity teams are siloed, rarely operating within the same department and interacting infrequently;
- open source and deep and dark web monitoring for early threat indicators are lagging;
- social, economic and geopolitical unrest is tightening corporate governance.
"As digital activity and physical events continue to converge, we must consider how to protect organizations and their employees from cyber-physical risks effectively," said Constella's director of risk intelligence, Jonathan Nelson. "To ensure a holistic picture of targeted, hybrid security threats, cyber and physical teams need to transcend antiquated paradigms of 'digital vs. physical,' fostering deeper cross-functional engagement and leveraging unified tools to monitor the surface, deep and dark web for early threat signals."
Through their joint analysis, Constella and ASIS identified a widespread need for deeper integration between cyber and physical security teams, as most respondents indicated their organizations would be better equipped to avoid crises if these functions were better aligned and could leverage a single unified platform to monitor potential threats. These responses evidence the relevance of comprehensive digital sphere monitoring capabilities — including coverage of the deep and dark web—to identify and mitigate emerging hybrid threats.
Among other key findings from the survey:
Almost 50 percent of respondents said that the number of physical security threats and incidents at their company has increased compared with last year.
- 51 percent reported an increase in threats against a physical location.
- 43 percent reported an increase in threats against co-workers.
- 42 percent reported an increase in activism-related threats against business practices. Almost 30 percent reported an increase in threats against their senior executives.
- 62 percent of respondents ranked dangerous threats from former employees or disgruntled customers as their top security concern.
Physical and cybersecurity teams are siloed, as only 11 percent said that they are integrated into a single department; 40 percent said that incidents or threats could have been handled better if physical and cybersecurity teams were more tightly integrated.
Sixty-one percent of companies do not leverage a unified platform that proactively monitors the social and dark web for emerging threats, even though 70 percent agree that their company would be better equipped to avoid a crisis if they had one.
Among U.S. companies, 76 percent ranked preventing an active shooter event at one of their locations as their top security priority. The need for security advancements is widely recognized, as every respondent reported organizational plans to invest in at least one security system or activity in the next year.
Security professionals can expect to see greater spending on threat assessment training, real-time monitoring and threat reporting, integrated digital and physical security practices and services from intelligence analysts or experts.
To read the full 2022 Survey Report on Managing Increased Cyber-Physical Security Threats in a Hyper-Connected World, go here.