A recent survey conducted by Constella Intelligence and commissioned by ASIS International revealed that organizations are confronting a staggering increase in threats against employees, executives and physical locations. Amid tensions exacerbated by political, social and economic issues, cyber-physical threats constitute considerable vulnerabilities for organizations. Reported risks included increased threats against physical facilities, co-workers and activism-related threats against business practices, while top security priorities included protecting organizations from disgruntled employees or customers, active shooter incidents and travel risks for executives. Despite these risks, nearly 61% of organizations surveyed said they do not proactively monitor the dark web for early indicators of emerging threats. Current practices are widely reactive as most organizations only respond to threats after they arise.
The report showcases the perspectives of more than 300 security professionals within the ASIS community at companies spanning 19 industries and five regions. Organizations surveyed range from 50 to more than 50,000 employees.
Constella Intelligence today presented four key insights from the survey at the 2022 Global Security Exchange (GSX), including: (1) Companies are facing increased physical security threats which are tied to the convergence of digital and physical risk, (2) physical security and cybersecurity teams are siloed, rarely operating within the same department and interacting infrequently, (3) open source and deep and dark web monitoring for early threat indicators are lagging and (4) social, economic and geopolitical unrest is tightening corporate governance.
Of the organizations surveyed, Constella and ASIS found that only about 1 in 10 (11%) have integrated cybersecurity and physical security teams into one unified department, and an alarming 52% of physical security teams don't frequently interact with their cyber counterparts.
"As digital activity and physical events continue to converge, we must consider how to protect organizations and their employees from cyber-physical risks effectively," said Constella's Director of Risk Intelligence, Jonathan Nelson. "To ensure a holistic picture of targeted, hybrid security threats, cyber and physical teams need to transcend antiquated paradigms of 'digital vs. physical,' fostering deeper cross-functional engagement and leveraging unified tools to monitor the surface, deep and dark web for early threat signals."
Through their joint analysis, Constella and ASIS identified a widespread need for deeper integration between cyber and physical security teams, as most respondents indicated their organizations would be better equipped to avoid crises if these functions were better aligned and could leverage a single unified platform to monitor potential threats. These responses evidence the relevance of comprehensive digital sphere monitoring capabilities—including coverage of the deep and dark web—to identify and mitigate emerging hybrid threats.
"I have witnessed several significant changes in the security sector since I began my editorial career nearly 30 years ago," said Teresa Anderson, Vice President of Editorial Services at ASIS. "The most fascinating part is seeing how organizations evolve to meet new needs and overcome more advanced obstacles. The increasing convergence of digital and physical risk undoubtedly presents new opportunities for cybersecurity and digital security professionals to work in tandem, perhaps for the first time in their organization's history."
Key findings from the survey include:
● Almost 50% of respondents said that the number of physical security threats and incidents at their company has increased compared with last year.
- 51% reported an increase in threats against a physical location.
- 43% reported an increase in threats against co-workers.
- 42% reported an increase in activism-related threats against business practices. Almost 30% reported an increase in threats against their senior executives.
● 62% of respondents ranked dangerous threats from former employees or disgruntled customers as their top security concern.
● Physical and cybersecurity teams are siloed, as only 11% said that they are integrated into a single department; 40% said that incidents or threats could have been handled better if physical and cybersecurity teams were more tightly integrated.
● 61% of companies do not leverage a unified platform that proactively monitors the social and dark web for emerging threats, even though 70% agree that their company would be better equipped to avoid a crisis if they had one.
Among U.S. companies, 76% ranked preventing an active shooter event at one of their locations as their top security priority. The need for security advancements is widely recognized, as every respondent reported organizational plans to invest in at least one security system or activity in the next year. Security professionals can expect to see greater spending on threat assessment training, real-time monitoring and threat reporting, integrated digital and physical security practices and services from intelligence analysts or experts.