The Boat's Leaving, Are You On It?

The Necessity of Converging Physical Security and Cyber Monitoring (5 min read)

As we head into Labor Day weekend, just some thoughts around a boat that many companies seem to still be missing. With the large scale adoption of AI combined with a social media fueled emotion factory, the line between physical and digital security has blurred beyond recognition. Large organizations still treat the two as separate disciplines: the security team handling executive protection, access badges, surveillance cameras, and guards, while the IT department manages online threats, firewalls, network traffic, and malware detection. That siloed model no longer meets the reality of modern risk management. Increasingly, threats move fluidly between physical and cyber domains, and effective protection demands the convergence of physical security and cyber monitoring.

The Expanding Attack Surface

The digital transformation of workplaces has dramatically increased the attack surface. Physical systems—from security cameras to building management platforms—are now connected to corporate networks. A malicious actor who compromises a smart card reader or HVAC system can potentially pivot into the corporate network. Conversely, a cybercriminal who steals credentials on the dark web can use them to access physical sites, exfiltrate assets, or plant malware on unsecured devices.

The infamous 2013 Target breach is still a relevant case study (for those that are too young to remember this, please read about it.) Attackers entered the retailer’s network through a third-party HVAC vendor, ultimately stealing data from millions of customers. What began as a physical system compromise turned into a devastating cyber incident. Similarly, ransomware groups increasingly target hospitals, utilities, and transit systems, where digital disruption directly creates physical risks to safety and continuity of operations.

Breaking Down Silos

Physical security and cyber security teams traditionally report through different chains of command and measure different risks. This siloed structure slows response and creates blind spots.  So just put them under the same leader? Problem solved?

Maybe the right first step, but real convergence is not as simple as merging departments into a single unit.  It does require shared goals, interoperable monitoring, shared intelligence, and coordinated response. Security operations centers (SOCs) that integrate online threats and physical threats gain a more complete view of events. By correlating anomalies across domains, they can distinguish routine noise from genuine specific threats and act faster.

Implementation Considerations

Achieving convergence requires careful planning. First, organizations must integrate data streams from physical and digital systems. This can involve upgrading legacy technologies or deploying middleware capable of translating disparate protocols. For a public company, your cyber team will likely have more advanced tools due to existing compliance requirements and the physical team can migrate to them at minimal cost.  Second, governance structures should encourage collaboration: cross-functional threat management teams, unified playbooks, and shared training exercises build trust and familiarity.

Equally important is the human factor. Security professionals often specialize in either physical or cyber domains, and cross-training is essential to bridge the knowledge gap.  A former CSO of mine had the foresight to make several of his leadership team enroll in a rigorous (ok painful) 4-month cybersecurity class to start the journey.  Physical security managers need a baseline understanding of digital threats, while IT analysts should learn the basics of access control, surveillance, and emergency response.

The Road (or Ocean) Ahead

As organizations continue to stall their acceptance of this new reality, a differentiating criterion will emerge based on speed of adoption.  Like it or not, as we continue to embrace smart buildings, the Internet of Things (IoT), and hybrid work, the intersection of physical and cyber vulnerabilities will only expand. Attackers increasingly exploit the weakest link—whether digital credentials, connected sensors, or unmonitored entry points. By converging physical security and cyber monitoring, organizations transform two historically separate functions into a unified shield.

This convergence is not simply a technical upgrade; it represents a cultural shift in how organizations perceive risk. Protecting assets, people, and data in the modern age requires treating digital and physical as inseparable. Those that achieve this integration will be far better positioned to anticipate, detect, and neutralize threats before they escalate.