Our increasingly digital world means that organisations are facing a new generation of cyber-physical threats

In the race to protect your organisation’s information and systems from a cyber-attack, it is important not to neglect other vulnerabilities, including those that pose a risk to more than just data. Your organisation may be implementing the latest technology to deter cybercrime, but there are other tangible threats that may affect your business and the safety of your people. These may include theft or sabotage of critical assets, terrorist attacks or natural disasters, from wildfires and flooding to pandemics. All of these events may disrupt business operations, put employees at harm and result in significant financial losses, not to mention the damage to your reputation. That is why corporate security is becoming an increasing priority in the business world.

Emergence of the internet of things

The continued emergence of the internet of things (IoT) is blurring the line that separates what exists in the digital realm and that of the physical world. For example, in 2014 hackers breached the network of a German steel mill to access the facility’s control system. The phishing attack caused significant physical problems for the steel mill, including damage to a dangerous blast furnace that could not be shut down normally. The number of IoT-connected devices is projected to reach 75.4 billion by 2025 – we now need to defend a larger and more complex corporate attack surface than ever before.
 

Securing critical assets

A mature corporate security strategy and risk mitigation measures will help protect your organisation from a wide range of internal and external threats that may affect your operational resilience and most critical assets. These assets include physical and intellectual property,  business processes and the greatest asset – the human workforce.  By securing your critical assets effectively you will be better placed to meet your strategic goals, and help your employees to operate in a safe and secure environment.

Security risks are universal and may impact every industry and sector, from healthcare to transportation, and financial services to utilities. The specific concerns of your organisation — and the severity of those risks — will depend on many factors, including location, type of facility and your business context.

The convergence of physical security and cybersecurity urgently requires investment in a new approach that can deliver success, an effective corporate security strategy and culture that acts as a business enabler:

1. Assess: Identify your critical assets, assess your risk exposure and the maturity of existing controls to create a target state model and roadmap for enhancing your overall security capability.
2. Implement: Develop a coherent security strategy and risk management framework, build and implement effective security policies, processes and controls, and enhance your overall security culture.
3. Embed: Enable ongoing capability monitoring and improvement, helping you maintain a strong security culture and be better-prepared for changes in the threat landscape.​
4. Analyse: Digitise your security management approach bringing deeper, more precise insight, consistency, automation and efficiency.

There appears to be a continuing failure by organisations to understand, who should own the security risk and a tendency to ‘follow the herd’, which often enforces an unoriginal one-size-fits-all approach to security risk management. Could this misalignment between security strategy and the organisation’s broader business objectives expose it to greater operational risk, affect the return on investment (ROI) and potentially cause loss of revenue?

At Deloitte, our consultants are drawn from a broad range of industry, services and governmental backgrounds, bringing unparalleled experience in helping our clients to build organisations that are secure, compliant and resilient in an age of ever-changing risk and connectivity. Combined with understanding corporate needs and business risk, we deliver global security change programmes, integrated with cyber security, crisis management, operational and business resilience.