Converging physical security, cybersecurity and business continuity functions — ASIS report shows global progress but a ways to go

by Brianna Crandall — January 13, 2020 — ASIS International, the worldwide association of security management professionals, is pleased to announce it has published new State of Security Convergence in the United States, Europe, and India research conducted by the ASIS Foundation and sponsored by AlertEnterprise.

Using survey responses from more than 1,000 security leaders from around the globe — plus more than 20 follow-up interviews — the study analyzes the relationship between physical security, cybersecurity and business continuity, and the state of their convergence or integration in modern organizations.

It provides relevant benchmarks to compare strategies, plans, and operations and determine best practices for creating more effective and cost-efficient security and risk operations.

According to the report, despite years of predictions about the inevitability of security convergence, just 24 percent of respondents have converged their physical and cybersecurity functions. When business continuity is included, a total of 52 percent have converged two or all of the three functions. Of the 48 percent who have not converged at all, 70 percent have no current plans to converge.

Brian Allen, CPP, president, ASIS Foundation Board of Trustees, stated:

For years, security practitioners have accepted that organizations are increasingly converging their physical security and cybersecurity functions. This study collected current data to measure trends and progress with converging environments. What we’ve learned is that, although convergence has brought positive results, there is still much work to be done.

Among the study’s findings are that having one security leader with one vision is a must, although finding the right talent can be challenging. Companies are more likely to converge business continuity management functions with other security functions than to integrate physical security or cybersecurity functions with one of the others.

Respondents reported that integration provides tangible benefits; although saving money was not expressed as not the primary motivation for convergence, most companies with compartmentalized security report that their security costs for the three individual areas are increasing at a higher rate than for those who have brought the functions together.

The desire to better align security strategy with corporate goals was listed as a key driver and benefit of convergence, while the differences in culture and skillset between physical security and cybersecurity are seen as presenting the greatest challenges; and any integration needs to be customized to fit the needs of the business and its culture.

The study’s Executive Summary is available free on the Foundation’s website. The full report is available for purchase and is complimentary for all ASIS members.