A national museum suffers an IT outage after a terminated technology contractor gains access to an unauthorised area of the building and turns off the IT systems. Cyber defences are of limited value when the server-room door is left open.
A CEO travels to a high-risk country. The physical security team provides her with armed guards. Cyber security is not consulted, and the geolocation functionality on her laptop is left on. A criminal group targeting the company’s IP tracks her movements and steals her laptop.
A telecoms company discovers an insider has been providing a nation-state actor with access to the company’s systems. The employee went undetected for two years because the physical security team does not have access to cyber data on staff network activity. The tell-tale signs of unusual logins and declassification of sensitive documents were missed.
From cyber espionage and intellectual property theft to fraud, threats to senior executives and deep fakes, criminals, terrorists and nation states use the full spectrum of methods to target organisations simultaneously across digital and physical domains. The bad guys don’t respect our organisational silos. Unless we find ways to bridge these gaps, companies will remain vulnerable to the heightened and interconnected security threats they face.
Convergence has been heralded as the organisational solution, joining together physical and cyber security teams. But 85% of multinational corporations have chosen not to converge, and most say they have no intention of doing so. There are certainly benefits for those companies that manage to bring the functions together, but the cultural, practical, and financial barriers are a powerful deterrent for most.
To reach security maturity, we need to shift our focus from convergence and wholesale organisational redesign towards partnership through holistic security.
What is Holistic Security? It's not about reorganising corporations; it's about behavioural change. It's about building a genuine partnership of equals between physical and cyber security teams, with a focus on outcomes rather than org charts. It's about cultures, teams, habits, and incentives that prevent us from reverting to old, siloed ways of working when things get tough. It provides a company with a comprehensive security service through effective teamwork and the use of shared technology and resources – but without merging the two teams together.
The Clarity Factory Holistic Security Maturity Model provides a step-by-step process to assess your organisation's security maturity and achieve continuous improvement. Security leaders can use the model to initiate discussions with one another or have the conversation together with business leaders.
The journey toward holistic security has commenced, but maturity levels in most multinational corporations remain low. The Holistic Security Maturity Model offers a practical tool to help security leaders get started, identify areas for joint working, and institute the incentives, processes and working practices that underpin an effective partnership culture.