The Urgent Need for Integrated Physical and Cybersecurity Teams

Casper Eloff, M.Sc. MBA. CSMP, Head of Corporate Security, the Mosaic Company [NYSE: MOS]

In an era where security threats and their severity evolve at an unprecedented pace, the traditional silos separating physical security and cybersecurity teams are no longer sustainable. Modern adversaries exploit the seams between these domains, leveraging hybrid attacks that combine physical breaches with digital intrusions to devastating effect. To counter these sophisticated threats, organizations must integrate their physical and cybersecurity teams into a cohesive force capable of holistic threat detection, response and prevention.

In many companies globally, cybersecurity teams have been absorbed into the organization’s IT Department and, in some cases, buried deep into downward IT layers. The latter is to distaste the cyber function since cyber professionals see themselves as a security function. The same can be said for Physical security teams being buried deep under an organization’s Occupational Health and Safety department and in some cases, buried in layers, preventing a direct voice to the organization’s leadership—all of the abovementioned hamstring the overall security (physical & cyber) function’s effectiveness.

The Convergence of Threats

The line between physical and cyber threats has become blurred. Consider a scenario where a phishing email grants attackers access to a corporate network, enabling them to turn off physical security cameras or unlock doors remotely. Conversely, a physical breach, such as an intruder gaining access to a server room, compromising sensitive data, or installing malware directly onto critical systems. Recent incidents, like the 2021 Colonial Pipeline ransomware attack, demonstrate how digital vulnerabilities can disrupt physical infrastructure, halting fuel distribution across the U.S. Southeast. Similarly, physical security lapses, such as unmonitored access points, have enabled insiders to steal data or sabotage systems. Not to mention the Duty of Care function, which both security disciplines look after when employees travel, must protect roaming devices and the physical person traveling.

These hybrid threats exploit the disconnect between physical and cybersecurity teams. Physical security teams focus on physical risk management, such as adverse media and global Incident Alerts, Security Travel Management, Access Control, Surveillance, Perimeter Defense and many more. They often use tools like CCTV, Physical Identity Access Management (PIAM) platforms, Travel Managers, Deep and Dark Web Scanners, etc.

“Modern threats no longer fit neatly into 'physical' or 'cyber' categories. To defend against evolving attacks, organizations must unite their security teams into a single force capable of detecting, preventing and responding to risks across all domains.”

Cybersecurity teams, meanwhile, prioritize things like Network Protection, Data Classification, Identity Access Management, Firewalls, Device Edge Protection, Intrusion Detection and more. In many cases, the two groups utilize the same technology and platform for their different needs. Without integration, neither team has a complete view of the threat landscape, leaving organizations vulnerable to attacks that span both domains.

The Case for Integration

Integrating physical and cybersecurity teams creates a unified defense posture. If complete integration is not possible, a “Fusion Group” or “Fusion Center” at a GSOC or SOC (Global Security Operation Center) level could be a viable alternative. By sharing intelligence, resources and strategies, organizations can detect, deter, delay and respond to threats more effectively. For instance, correlating data from physical access logs with network activity can reveal insider threats or unauthorized access attempts. A 2023 study by the SANS Institute found that organizations with integrated security operations centers (SOCs) that combine physical and cyber monitoring reduced incident response times by 40% compared to those with siloed teams.

Integration also enhances prevention. Physical security teams can implement biometric authentication or tamperproof hardware to protect critical IT infrastructure. Cybersecurity teams can monitor IoT-enabled physical security devices, such as smart cameras, for vulnerabilities. Joint training programs can ensure both teams understand the interplay between physical and digital risks, fostering a culture of collaboration.

Challenges to Overcome

Despite the clear benefits, integration faces hurdles. Organizational silos, driven by differing priorities and reporting structures, often hinder collaboration. Physical security teams may report to facilities management, while cybersecurity teams fall under IT, creating communication gaps. Budget constraints can also limit investments in crosstraining or integrated technologies, such as unified security platforms that combine video analytics with network monitoring.

Cultural differences pose another challenge. Physical security professionals may prioritize tangible threats, like unauthorized entry, while cybersecurity experts focus on abstract risks, like zero-day exploits. Bridging this gap requires leadership commitment to align goals, establish joint protocols and invest in technologies that enable realtime data sharing.

A Path Forward

To achieve integration, organizations should take concrete steps. First, a unified security operations center that integrates physical and cyber monitoring should be created and staffed by cross-trained personnel. Second, adopt technologies that bridge both domains, such as AI-driven analytics correlating physical and digital anomalies. Third, regular joint exercises should be conducted to simulate hybrid attacks, building trust and team coordination. Finally, leadership must champion a cultural shift, emphasizing that security is a shared responsibility, not a divided one.

The modern threat landscape demands a paradigm shift. Siloed physical and cybersecurity teams are ill-equipped to counter hybrid attacks that exploit both domains. By integrating these teams, organizations can build a resilient defense that holistically anticipates, detects and mitigates threats. The cost of inaction is too high—data breaches, operational disruptions and reputational damage await those who fail to adapt. Now is the time to break down silos and forge a unified security strategy for the challenges of today and tomorrow.