ASIS International has published the results of new research conducted by the ASIS Foundation and sponsored by AlertEnterprise. Using survey responses from more than 1,000 security leaders operating around the globe (in addition to upwards of 20 follow-up interviews), the study (which is entitled ‘The State of Security Convergence in the United States, Europe and India’) analyses the relationship between physical security, cyber security and business continuity in modern organisations.
Specifically, the research provides relevant benchmarks to compare strategies, plans and operations and determine Best Practices for creating more effective and cost-efficient security and risk operations.
According to the report, despite years of predictions about the inevitability of security convergence, just 24% of respondents have converged their physical and cyber security functions. When business continuity’s included, a total of 52% have converged two or all of the three functions.
Of the 48% who have not converged at all, 70% have no current plans to converge.
Successful security operations
Most organisations surveyed (67% of converged and 57% of non-converged) report having an enterprise-level security leader. Of those, 79% agree that having an enterprise security leader “enhances the effectiveness of corporate security.” The most successful security operations share the following characteristics:
*physical security, cyber security and business continuity management functions are aligned around one security strategy
*the functions maintain open communication and share information with one another
*security has a voice in the C-Suite and senior leaders provide strong leadership and engagement for the functions
96% of those organisations that have converged two or more functions (ie physical security, cyber security and/or business continuity management) report positive results from the combination, while 72% believe that convergence strengthens overall security. In addition, 44% of converged organisations report no negative results from converging. Even in those companies that have not converged, 78% of respondents believe that convergence would strengthen their overall security function.
Just 7% of those who had converged cited a “reduction in security costs” as a primary benefit of convergence. Notably, 20% of those not converged cited “potential cost savings” as a factor that might convince them to converge their security functions. For individual functions, 58% of non-converged organisations report that cyber security budgets are increasing versus just 49% for converged organisations.
Physical security budgets
Physical security budgets are also more likely to be increasing in non-converged organisations (28%) compared to 24% in converged organisations. On the other hand, business continuity management is seeing a budget increase in 26% of converged organisations compared to just 19% of non-converged organisations.
When asked: “Which of the following factors might convince you to converge?”, the Number One answer cited by 38% of those who had not yet converged was “better alignment of security/risk management strategy with corporate goals.” This was also considered to be the most positive benefit by 40% of the respondents who have already converged two or more business functions.
The most frequent challenges cited in companies that converged were “different cultures and skill sets” (36%), “turf and silo operating tradition” (24%) and the “belief that cyber security requires its own operation” (21%). Notably, more than one-fifth of all respondents (22%, in fact) reported no challenges in converging departments.
“For years, security practitioners have accepted that organisations are increasingly converging their physical security and cyber security functions,” explained Brian Allen CPP, president of the ASIS Foundation Board of Trustees. “This study collected current data to measure trends and progress with converging environments. What we’ve learned is that, although convergence has brought positive results, there’s still much work to be done.”
The ASIS Foundation
Supported by member and corporate donations, the ASIS Foundation invests in elevating security Best Practice through research and education. The Foundation awarded more than 170 scholarships in 2019.
The ASIS Foundation awards grants and scholarships to help ASIS Chapters and individuals, including those transitioning towards careers in security management, achieve their professional and academic goals.
Governed by a Board of Trustees, the Foundation is supported by generous donations from individuals, allied organisations, ASIS Chapters and Councils and ASIS International. To learn more visit www.asisfoundation.org