The Growing Convergence of Physical and Cyber Threats: What CISOs and CSOs Need to Know

In my years as Chief Security Officer at organizations like EMC, ADP and TikTok, and informed by my years in law enforcement, I’ve witnessed firsthand how the lines between physical and cyber threats have blurred. Rarely are events against persons achieved without the use or aid of technology in some way. And as we’ve seen in recent headlines, not only in the protection of executives but in general in the protection of people from serious physical harm, the convergence of these risks is not a theoretical concern—it’s one that needs to be addressed now, and it’s one that is reshaping the security landscape for organizations and their leaders.

The Expanding Attack Surface: From Office to Home

From a business protection perspective, cybersecurity has traditionally focused on protecting networks, devices, and data within the corporate perimeter. Physical security has focused on ensuring the safety of corporate facilities and of individuals as they conduct business on behalf of the business. Today, however, the threat surface and the protective focus are expanding to the personal lives of the executives and critical employees of these companies, and the boundary between these two domains continues to dissolve due to a very technologically engaged society.

As highlighted in the Ponemon Institute's recent study, 42% of executives or their family members have been targeted by cybercriminals, with attacks ranging from malware and phishing to doxxing and physical attacks. This expanded attack surface puts executives and their organizations at unprecedented risk.

Real-World Examples of Convergence

Let’s consider a few scenarios where physical and cyber risks overlap:

  • Doxxing Leads to Physical Threats: Cybercriminals expose an executive’s personal details online, including their home address, their children’s schools, and their family travel details. This information becomes a roadmap for potential physical harassment or attacks.
  • Smart Device Exploits at Home: Hackers infiltrate smart home devices to spy on executives, gathering sensitive information that can be used for blackmail or competitive advantage. Think about connected cameras, etc.
  • Cyber Attacks on Personal Devices Lead to Ransomware: As seen in the 2014 Sony Pictures and 2017 Equifax breaches, an attack on an executive’s personal laptop can lead to stolen intellectual property or unauthorized access to corporate systems.

These examples underscore a critical point: protecting executives requires a holistic approach that encompasses both their physical and digital lives, both in the office and in the home.

Key Findings: The Gaps in Current Protections

Despite the rising threats, most organizations remain unprepared. According to the Ponemon study:

  • 62% of respondents believe cyberattacks on executives are highly likely, yet only 38% have teams dedicated to mitigating such risks.
  • 50% believe physical threats to executives are highly likely, but only 41% of organizations assess these risks comprehensively.

There is no silver bullet, but let me suggest the following 4 actions that C(I)SOs can take in 2025 to gain traction and deliver better protection to those individuals critical to the resilience of your business:

1) Take a Converged Security view of your Executive and Employee Protection programs to enable force multiplication, leverage existing capabilities, and encompass the totality of the dynamic threat surface both electronic and physical.

2) Take a risk-based / risk-informed approach to program requirements and service-level needs, using internal and external threat intelligence professionals.

3) Don’t go it alone. Accelerate your time to protection by using services that can provide automated, full-time protection in key areas like digital defense and threat monitoring.

4) Add Incident Response playbooks for the most common / probable threats to your principals based on their risk level and exposure.

The threats to every company and every executive are different based on many factors. No two Executive & Employee Protection (EEP) Programs will ever be alike, but what is in your control is the ability to make faster, more informed and accurate decisions that accelerate time to defense and the completeness of the protection services necessary for those entrusted to your care.

#cso #ciso #converegedsecurity #digitaldefense #executiveprotection #employeeprotection #riskmanagement

Alex Tosheff

Board Member | Advisor | Investor | CSO

1 month

Great perspective Roland Cloutier - aligns very closely with my experience. Converged threat intel in particular was a great starting point.

D. Langston

Event Director

1 month

How do you see the integration of digital defense with executive protection evolving in the near future? It's crucial for comprehensive security.
