ASIS Foundation research unearths current state of security convergence

ASIS International has published the results of new research conducted by the ASIS Foundation and sponsored by AlertEnterprise. Using survey responses from more than 1,000 security leaders operating around the globe (in addition to upwards of 20 follow-up interviews), the study (which is entitled ‘The State of Security Convergence in the United States, Europe and India’) analyses the relationship between physical security, cyber security and business continuity in modern organisations.

Specifically, the research provides relevant benchmarks to compare strategies, plans and operations and determine Best Practices for creating more effective and cost-efficient security and risk operations.

According to the report, despite years of predictions about the inevitability of security convergence, just 24% of respondents have converged their physical and cyber security functions. When business continuity’s included, a total of 52% have converged two or all of the three functions.

Of the 48% who have not converged at all, 70% have no current plans to converge.

Successful security operations

Most organisations surveyed (67% of converged and 57% of non-converged) report having an enterprise-level security leader. Of those, 79% agree that having an enterprise security leader “enhances the effectiveness of corporate security.” The most successful security operations share the following characteristics:

*physical security, cyber security and business continuity management functions are aligned around one security strategy

*the functions maintain open communication and share information with one another

*security has a voice in the C-Suite and senior leaders provide strong leadership and engagement for the functions

96% of those organisations that have converged two or more functions (ie physical security, cyber security and/or business continuity management) report positive results from the combination, while 72% believe that convergence strengthens overall security. In addition, 44% of converged organisations report no negative results from converging. Even in those companies that have not converged, 78% of respondents believe that convergence would strengthen their overall security function.

Just 7% of those who had converged cited a “reduction in security costs” as a primary benefit of convergence. Notably, 20% of those not converged cited “potential cost savings” as a factor that might convince them to converge their security functions. For individual functions, 58% of non-converged organisations report that cyber security budgets are increasing versus just 49% for converged organisations.

Physical security budgets

Physical security budgets are also more likely to be increasing in non-converged organisations (28%) compared to 24% in converged organisations. On the other hand, business continuity management is seeing a budget increase in 26% of converged organisations compared to just 19% of non-converged organisations.

When asked: “Which of the following factors might convince you to converge?”, the Number One answer cited by 38% of those who had not yet converged was “better alignment of security/risk management strategy with corporate goals.” This was also considered to be the most positive benefit by 40% of the respondents who have already converged two or more business functions.

The most frequent challenges cited in companies that converged were “different cultures and skill sets” (36%), “turf and silo operating tradition” (24%) and the “belief that cyber security requires its own operation” (21%). Notably, more than one-fifth of all respondents (22%, in fact) reported no challenges in converging departments.

“For years, security practitioners have accepted that organisations are increasingly converging their physical security and cyber security functions,” explained Brian Allen CPP, president of the ASIS Foundation Board of Trustees. “This study collected current data to measure trends and progress with converging environments. What we’ve learned is that, although convergence has brought positive results, there’s still much work to be done.”

The ASIS Foundation

The study’s Executive Summary is available free on the Foundation’s website. The full report is available for purchase and complimentary for all ASIS members.

Supported by member and corporate donations, the ASIS Foundation invests in elevating security Best Practice through research and education. The Foundation awarded more than 170 scholarships in 2019.

The ASIS Foundation awards grants and scholarships to help ASIS Chapters and individuals, including those transitioning towards careers in security management, achieve their professional and academic goals.

Governed by a Board of Trustees, the Foundation is supported by generous donations from individuals, allied organisations, ASIS Chapters and Councils and ASIS International. To learn more visit

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts