New research on state of security convergence

Security convergence has emerged as one of the most discussed and debated topics over the past few years in security, becoming a theme and backdrop that enters into, and many times, dictates conversations among top thought leaders in the industry today.

That is why I was excited to dive into new research from the ASIS Foundation, which just published its State of Security Convergence in the United States, Europe and India.

What I like about a study like this is it gives the industry a way to measure where we are in this security convergence movement, which is also part of what is being described by many outside and within security as the digital transformation.

Interestingly, although many are talking about “convergence,” ASIS found that only 24 percent of study respondents have converged their physical and cybersecurity functions. When business continuity is included, a total of 52 percent have converged two or all of the three functions. Of the 48 percent who have not converged at all, 70 percent have no current plans to converge.

“For years, security practitioners have accepted that organizations are increasingly converging their physical security and cybersecurity functions,” said Brian Allen, CPP, president, ASIS Foundation Board of Trustees. “This study collected current data to measure trends and progress with converging environments. What we've learned is that, although convergence has brought positive results, there is still much work to be done.”

Not surprisingly, the study found that security convergence produces tangible positive benefits, with 96 percent of organizations that converged two or more functions (physical, cyber and/or BCM) reporting positive results from the combination, and 72 percent saying that convergence strengthens overall security. In addition, 44 percent of converged organizations report no negative results from converging. Even in companies that have not converged, 78 percent believe that convergence would strengthen their overall security function.

While saving money is not the primary motivation for convergence, a key driver and benefit of convergence is the desire to better align security strategy with corporate goals, ASIS noted in the executive summary. When asked, “which of the following factors might convince you to converge?” the number one answer cited by 38 percent of those who had not yet converged was “better alignment of security/risk management strategy with corporate goals.” This was also considered the most positive benefit by 40 percent of the respondents that already converged two or more functions, the study found.

Interestingly, the main barriers to convergence were “turf and silo issues,” said one survey respondent. “Everyone wanted to safeguard his responsibilities, his people, his budget, his prestige and his importance to the company.”

Using survey responses from more than 1,000 security leaders from around the globe — plus more than 20 follow-up interviews — the study analyzes the relationship between physical security, cybersecurity and business continuity in modern organizations. It provides relevant benchmarks to compare strategies, plans and operations and determine best practices for creating more effective and cost-efficient security and risk operations.

The study's executive summary is available free here. The full report is available here for purchase and is complimentary for all ASIS members.

Supported by member and corporate donations, the ASIS Foundation invests in elevating security practice through research and education. The Foundation awarded more than 170 scholarships in 2019 totaling more than $75,000.