Cost of Data Breaches Continues to Rise Year-Over-Year: It’s Time to Merge Access Control and Cybersecurity into a Unified Model

What do cassette tapes, electric typewriters, and card readers have in common?
If you answered, “They are all technological innovations that emerged in the 1960s,” you are correct.
It’s unlikely you still use cassettes and typewriters at work (or anywhere else), but card readers nevertheless remain a popular tool for office security. That highlights just how much organizations still rely on legacy security solutions, often without realizing the risks.
What’s more, security in the business world has long been bifurcated between access control and cybersecurity. One team has focused on physical threats while another has dealt with digital ones.
However, as new threats emerge from virtually every angle and attack attempts skyrocket, it’s incumbent upon security executives, such as Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs), to bridge the gap between physical and digital security. A joint effort provides not only a more complete view of potential risks but also a more thorough understanding of security efforts. This is true for any company that has intellectual property it wants to protect, which is to say, essentially every business in operation today.
Increasingly, we’re seeing access control and cybersecurity intersect, in part because a breach on one side can ultimately lead to a breach on the other.
Silos have long been a challenge across organizations, but they’re especially risky when it comes to security. Physical and digital security can no longer operate in isolation. By unifying the two, organizations can build a stronger, more resilient foundation—one that better protects their assets, employees, bottom line, and reputation.
From Card Readers to Biometrics
A common mistake among CISOs and CSOs at companies of all sizes is to rely on legacy technology like card readers for physical security, even if they’re aware there’s some risk. Unfortunately, physical security is often not a top priority until a breach occurs. A 2024 Deloitte study found that only six state-employed CISOs report that their states’ cybersecurity budgets cover physical security, down dramatically from 15 in 2022.
When a company is first starting out and only has a few employees, physical security isn’t a major challenge. The business may operate in a building with a security guard in the lobby and have card readers at entrances and exits to the actual workspace. And that may be adequate at the time.
But as office size, locations, and headcount grow, it becomes a lot harder to manage security, which, at least on the physical side, includes authenticating employees as they attempt to enter workspaces and keeping bad actors out. Physical security becomes all the more complicated when multiple offices maintain their own unique security standards, which is nearly impossible to monitor from the top and quite literally opens the door for fraudsters.
And, unfortunately, threats don’t always come from the outside. Say an employee is let go. Physical security focuses on keeping that person out of the building, while the cyber team monitors for potential digital threats. But if they don’t communicate with each other to connect the dots, no one fully understands the risk. And that’s a big mistake.
Key cards are often lost, stolen, or cloned, making them a weak link in security. And it isn’t practical to have a guard at every door in every office. This is where more advanced technology, such as biometric authentication, comes in. It allows businesses to mitigate risk without adding substantially to headcount, which should be music to CISOs’ and CSOs’ (as well as CTOs’ and CFOs’) ears.
A Unified Security Model
Think of it this way: Network security is a pyramid. The most valuable assets with the tightest security, like IP and customer data, sit at the peak. Physical security is the base of the pyramid. And there are assets requiring varying degrees of security in between.
Your CISO/CSO may have taken great pains to secure the data at the top and even in the middle. But if the foundation isn’t secure, the entire pyramid is at risk. All it takes is one bad actor, whether sending a convincing phishing email or slipping through an open door behind an employee, to plug in a thumb drive and trigger a breach that could cost millions. According to an IBM report, the global average cost of a data breach in 2024 was $4.9 million, a 10% increase from the previous year. And that number goes up for industrial sectors, which often include data centers and critical infrastructure.
If your organization has a security team with a holistic view of physical and digital assets, they can better protect the entire pyramid, including all possible attack vectors. Streamlining security operations this way can admittedly be complicated—it’s really a full-time job for a CISO or CSO. But it’s better to make the investment in a unified security model upfront before a costly breach occurs.
The Future of Physical and Digital Security
One certainty is that bad actors will continue their relentless attempts to breach company security for nefarious reasons. To stay ahead, businesses must adopt more secure technologies that don’t disrupt the workplace. Requiring employees to swipe badges and enter PINs at every doorway adds friction to their day-to-day activities. Sure, it (at least mostly) guarantees only the right people gain access to each room, but it’s a system vulnerable to issues like tailgating, PIN sharing and lost badges. A study found that the average 40,000-person company loses 10,378 key cards/fobs per year.
Biometrics like facial authentication can help remove some of that in-office friction and strike a better balance for all employees, CISOs and CSOs included. By authenticating an employee’s identity with facial biometrics, the staffer simply has to keep walking to be validated in real-time and pass through the access point much faster.
And now, AI is helping biometric systems get smarter over time. With machine learning, these technologies can continuously adapt to natural changes in a person’s appearance, like a new haircut or glasses, without requiring re-enrollment.
Investing in cutting-edge access control technology like this is one of the smartest ways organizations can future-proof themselves. It maintains physical and digital security while also improving the employee experience.












