The Blended Threat: Physical and Cyber security
February 4, 2025
When the term "cyber" is used, most people immediately think of companies losing data, ransomware attacks, or online services being lost. In other words, the digital impact.
But that’s not always the intent of the attack being made. We live in a world where our personal and business lives coexist online, and physical and digital overlap and intersect.
It should be no surprise, therefore, that physical, digital, and cyber security constantly intersect and are more connected than ever before.
The aim of a cyber-attack can be to enable a subsequent breach in physical or personnel security, resulting in a contagion effect of vulnerabilities for companies, their staff, and also high net worth individuals.
This blending of the threat landscape, which results from our lives being lived online, requires an equally blended security strategy to formulate a defence.
Comprehending the Cyber-Physical Blended Threat
The nature of the blended threat means that the cyber and physical elements are interwoven: a physical breach of access to your offices, or the theft of equipment, can enable a cyber-attack.
Equally, a cyber-attack can disable physical security controls, opening the gates for physical breaches. This cycle is self-perpetuating, enabling and supporting follow-on attacks.
These threats require a convergence of security measures to continuously tackle both fronts simultaneously.
Business Travel Scenario - Example Case Study
Your company takes the security of your Board members and key management personnel seriously, including on business trips abroad.
Indeed, your Board recently took out Kidnap and Ransom (K&R) insurance for these high-profile individuals, which included some free risk advisory consultancy paid for by the insurer.
Alongside this, your company has contracted with a physical security consultancy to provide personnel security services to this core team.
Separately, your company has a cyber security team, in-house or outsourced, which coordinates cyber security management for your firm.
However, the blended Cyber-Physical threat is not in a “silo” and will target the most vulnerable and often overlooked parts of your company’s security and the individuals within it.
Take the example of Director X, a high-profile member of the core management team and a frequent business traveller who visits clients throughout South East Asia.
Director X is considered a potential kidnap target and so is covered under the K&R policy. As part of the reconnaissance for a potential kidnapping, Director X may well be followed to an airport in an attempt to intercept his or her communications and so steal useful security credentials.
Equally, the potential victim's home router may be identified and malware installed, or home Wi-Fi credentials stolen using an attack via social media on a family member.
That access is then easily used to ascertain calendar and travel arrangements.
Break Down Cyber and Physical Security Silos
Companies have historically managed physical security and cybersecurity in their own silos.
However, as technology has evolved in recent years, with internet-connected devices having doubled in the past five years and likely to do so again by 2030, the siloed approach to security is no longer viable.
Fostering an integrated security strategy protects against blended cyber-physical threats, establishing integrated defence in depth over time. As the digital ecosystem, companies, and technology evolve, the convergence of security threats requires a blended response in the delivery of resilient security practices.
Learn more about Building a Cyber-Resilient Business.
Integrated security is not just locks and doors, devices and firewalls; it is about understanding what you have that the attacker wants, and how they can combine physical and cyber tools to achieve that.
A comprehensive and cohesive system of defences is needed if you are going to confidently protect the people that work for your company, as well as its assets, reputation, and revenue generation.
To effectively address these evolving threats, adopting a threat-led approach is essential, as discussed in A Threat-Led Approach to Cyber Defence.
Digital Oversight, via its CONSULT service, can help your firm break down the silos and adopt an integrated physical and cyber security approach.
If you're ready to take a proactive stance against blended threats and strengthen your security posture, get in touch with us today to learn how our CONSULT service can help.