State of Security Convergence in the U.S., Europe, and India

In early 2019, the ASIS Foundation launched a study to investigate the extent to which organizations in the United States, Europe, and India have converged any two or all three of the following security functions: physical security, cybersecurity, and business continuity management (BCM). I was deeply involved in the research development, implementation, and analysis.

More than 1,000 professionals with senior roles in physical security, cybersecurity, disaster management, business continuity, and related fields responded to the survey. The results? Despite years of predictions about the inevitability of security convergence, just 24 percent of respondents have converged their physical and cybersecurity functions. When business continuity is included, a total of 52 percent have converged two or all of the three functions.

Of the 48 percent who have not converged at all, 70 percent have no current plans to converge. However, there seems to be a growing need for greater communication and collaboration. Fully two-thirds of organizations reported that their physical security, cybersecurity, and/or business continuity departments or functions are working closely together either through convergence, partial integration, or collaboration. Data and follow-up interviews show that companies are organizing their security and BCM functions in a variety of different ways depending upon business needs. Our survey and interview results indicate that multiple models—complete convergence among them—can be effective.

Key takeaways:

1. Strong leadership and a clear security strategy emerged as important factors for effective security regardless of how the functions are organized.

2. Business continuity management is more likely to be converged than physical and cybersecurity.

3. Security convergence produces tangible positive benefits.

4. Saving money is not the primary motivation for convergence. Nor is it a common consequence of convergence.

5. A key driver and benefit of convergence is the desire to better align security strategy with corporate goals.

6. The differences in culture and skillset between physical and cybersecurity present the greatest hurdle to convergence.

ASIS members can download the full report for free. Nonmembers can download it for $195, but you might as well join ASIS for $195 and receive free access to the report. An executive summary of the report can be found at https://www.asisonline.org/globalassets/internal/executive-summaries/convergence-exec-summary-final.pdf