INDUSTRY PROFESSIONAL

Defining a Role

As cyber and physical security converge, the role of the chief security officer must evolve

  • By Mark Herrington
  • Apr 01, 2022

The sudden long lines at gas stations in the United States, last May were for many, a surprising sight. Indeed, the situation emerged without warning: A ransomware attack disabled computer systems for a major regional provider, Colonial Pipeline, creating shortages and panic-buying. In North Carolina alone, 68 percent of gas stations were out of gas.

The scenes clearly illustrate an emerging conundrum for organizations: Cyber security and physical security are converging. As more systems become interconnected, business operations increasingly depend on digital infrastructure to manage everything from the supply chain and power grids to intellectual property.

Cascading Effects of Dynamic Risk
In 2021, organizations contended with several massive-scale threats, including.

  • One of the largest disruptions of supply chain availability the world has ever seen
  • A record year of security vulnerabilities, particularly to our critical infrastructure
  • The deadliest year for major weather disasters in four years
  • The worst assault on the U.S. Capitol since 1812
  • An all-time high in the number of people working from home

In fact, 99 percent of security and risk management professionals experienced a critical event in the past 18 months, according to a commissioned study conducted by Forrester Consulting. These incidents show no signs of abating. The wide scope of such critical events means no business function or industry can escape the impact.

It is also clear from this list that threats are no longer isolated events. In the modern world, risk is dynamic and complex. Risk A has a high potential to evolve into Risk B. That is, a hacker may steal intellectual property from your most important supplier and potentially impact your operations or revenue goals, as the following examples show.

Supply chain. Hackers breached the servers of Quanta Computer, stealing and leaking proprietary schematics of Apple products. Though the attack didn’t affect Apple’s business operations, the threat to a supplier underscores the fragile link between digital and physical assets.

Critical infrastructure. During a breach of a Florida water treatment facility last year, a hacker reset chemical levels to a potentially dangerous range. The event significantly concerned the Biden administration, which announced plans to bolster security for the sector.

People safety. A ransomware attack can delay or even prevent hospitals from providing critical patient care.

This conundrum – that cyber risk rolls into physical risk – is transforming the chief security officer’s role.
Faster than expected, they’ll need to almost think like a CEO and take a wider view of organizational risk and a more proactive role in responding to these new realities. To get there, here are three key changes you can make right now.

Cultivate a culture of organizational resilience. An initiative as important as this must start at the top, with a leadership vision that outlines what organizational resilience means to your business. Achieving a culture of organizational resilience will require both a shift in thinking as well as a new framework.

The convergence of cyber and physical security points to what should be an obvious fact: Leaders should recognize their functional areas are no longer unique, separate operations. They often overlap or intersect, impacting others. With disrupted events so tightly correlated, collaboration among teams isn’t simply a nice to have. It is table stakes.

The interconnectedness of systems means risk can no longer be handled by individual teams. If a physical threat emerges from a security breach, you’ll need help from human resources, finance, corporate communications, disaster recovery, enterprise risk management, IT, cyber security and physical management, etc. That is why it’s crucial to bring together the right people from across the organization and agree on common objectives and goals.

Eliminate operational silos. With the right people at the table, look at what’s keeping you from accomplishing your vision. What are the pain points – both operationally and externally – hindering you from mitigating risk?

Often, decision-making happens in silos and stands in the way of resilience.

The key to breaking down operational silos is a unified view of risks impacting the whole business. Once you can see the big picture, it is time to expand business continuity programs so you can manage risk more effectively. You’ll need to evaluate and document the risk appetite and tolerance levels of each functional group for product or service delivery disruptions to their internal and external stakeholders. Finally, ensure everyone is on the same page and reaching for the right goals with a set of combined metrics.

Embrace AI and automation. Organizations have more data and information than ever before. In fact, with 2.5 quintillion bytes of data now being created daily, 90% of the world’s data has been created in just the last two years. New information is being created, and at times replicated, every second.

It is no longer humanly possible to monitor and track developments even within your own systems, in a timely manner. AI-powered risk intelligence will help you monitor dynamic risk at scale. Automation can be used to identify and act on the cascading impact of a cyberattack, from activating response teams to alerting those who may be impacted.

It is not enough to know a storm is coming. For faster, better decisions, you also need to know which operations may be affected and which employees are in the path. A single platform combining big data, artificial intelligence and automation of key resilience processes is your best bet for a 360-view of any critical event impacting your business.

The key is you don’t have to sit and wait for the next crisis before you manage it. Much can be done in advance – from identifying the right teams to engage to uncovering the gaps and breaking down silos.
Without question, risk is now a board-level conversation. As cyber security and physical security continue to merge and physical threats become more dynamic, security leaders must understand how their people, places and technology must change to get ahead of these complexities in 2022 and beyond.

This article originally appeared in the April 2022 issue of Security Today.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.