The Convergence of Physical and Cyber Security

By Bernhard Mehl
May 21, 2018

Cyber security is increasingly becoming an important aspect of physical security, as both of these security solutions begin to converge. Here's what you need to know about the benefits (and drawbacks) of this integration.

What Led to the Convergence

Late May 16, 2018, homeowners found their Nest security systems no longer accessible, as their cloud service was down. The cause of this remains unknown, but the result was clear: many security system features were either reduced or entirely removed.

Physical and cyber security have been entwined since the very first security system was disabled remotely. The convergence of physical and cyber security is not a new one, but rather a growing threat. As the Internet of Things grows and more security solutions operate through virtualized systems, it becomes necessary to take a look at how physical and cyber security are interacting with each other. Consider a modern building, in which the HVAC system, video surveillance feeds, and access control systems are all network-enabled and network-accessible. A single security breach could compromise the entirety of the building's physical infrastructure, from the motion-activated cameras to the sprinklers that take care of the lawn.

Businesses (and even homes) are now laced with Internet of Things devices; network-capable devices that provide better comfort, convenience, and security through technology. Unfortunately, many of these devices are poorly secured, both on a hardware and software level. There are few security standards that these devices need to meet -- and a single device being compromised could compromise the entire network.

What Does Convergence Mean for Businesses

For the modern business, what does it mean when physical systems and cyber security converge? Businesses today are more vulnerable than they may believe. Small to mid-sized businesses are increasingly being targeted by criminal attackers. Businesses need to be aware that a security flaw in their network could lead to a physical security breach. Access systems, security cameras, and even telephone systems are now often controlled through the organization's network. If the appropriate steps haven't been taken to secure that network, the business could very well be vulnerable.

Benefits to the Convergence

It's important to note that the physical and cyber security convergence is not incidental; rather, it has developed over time as the most convenient and effective means of managing security. Flaws exist in this system only insofar as the systems are not appropriately protected and maintained.

When physical security and cyber security are connected, both can operate more effectively. Physical security systems are now augmented with advanced smart features, such as the ability to use two-factor authentication through the network, or biometric scanning for physical access. Something as simple as connecting motion-activated cameras to a network can add value to the security system, by automatically recording videos to the cloud and sending out alerts when motion is detected.

Cyber solutions give physical security access to a tremendous feature set -- but also increase the risk of the system being compromised. If the system is properly protected, these risks disappear, leaving behind only the benefits.

Physical and cyber security convergence is only going to become a more serious issue, as the boundaries between physical security and virtual systems continue to blur. Organizations need to take proactive steps to protect themselves, by locking down their cyber security and ensuring that each of their physical systems is appropriately installed, updated, and maintained. Business owners need to be vigilant: many physical systems are now internet connected and internet capable, subjecting them to the same amount of risk as any other device on their network.


Phone-based systems are not just a small-business solution. CEO of Kisi, Bernhard Mehl, comments: “If you see the average of three doors connected then that might seem low but, in reality, one door relates to around 50 employees—so those are locations with about 150 people on average, including satellite offices. That’s quite significant.”

Mobile Access Control Adoption by Industry

Kisi examined which industries are investing the most in mobile access control technology. To do so, the average size of mobile access control installation projects by industry were measured. Commercial real estate topped the list with 23.5 doors running mobile access per facility. Education management came in last with 1.0 door running mobile access per facility. 

Physical Security Statistics: Mobile Access by Industry

The number of shooting incidents at K-12 schools, according to the CHDS, reached an all-time high at 97 incidents in 2018—compared to 44 in 2017. Cloud-based access control companies, like Kisi, offer a lockdown feature for active shooter situations or emergencies, making it an effective protective layer for places that are targeted, such as religious institutions, which come in near the top of the list with 4.0 doors running mobile access per facility. 

Based on industry size, it makes sense that commercial real estate tops the list, with 23.5 doors running mobile access per facility. Cloud-based access control enables these larger organizations to scale more seamlessly and allows large organizations, like telecommunications, to deploy the most manageable IT solutions available, eliminating the need to create and manage a business’s own IT infrastructure over time.

“Commercial real estate is, of course, the driver of mobile adoption since they have the largest buildings,” Mehl adds. “The key here is to show that mobile-first technologies are not a risk but an innovation that brings positive ROI and allows agencies to reposition their buildings as forward-thinking establishments.”

The scalabelilty and ease of use in onboarding an organization allows many different types of industries and businesses of different sizes to adapt a cloud-based access control system, either using keycard or mobile credentials for access. 

Mobile Access Control by State

Looking specifically at the United States, Kisi analyzed in which states companies are investing the most into upgrading to smartphone-enabled access systems. Of the currently installed base of access control readers, around 20 percent will be mobile capable by 2022, according to a recent IHS report. Cloud-based systems, like Kisi, are future-proof—allowing over-the-air updates in real time and unlimited scalability for users.

“Mobile unlock technology makes you think of the major tech hubs like New York, San Francisco or Los Angeles,” Mehl adds. “Looking at which states have the largest projects, it’s surprising and refreshing that those are not the typical ‘tech cities, and yet that’s where access control technology really makes an impact.” The fact that the largest projects are seen in states outside of the typical tech startup landscape is evidence that mobile access control is highly applicable across industry sectors.

For further questions about this study, reach out to Kait Hobson (

Bernhard Mehl

Bernhard is the co-founder and CEO of Kisi. His philosophy, "security is awesome," is contagious among tech-enabled companies.

Stay updated with Kisi about news and feature releases

Free access to our best guides, industry insights and more

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
IT Advice
Useful Resources