Why Unifying Physical and Cybersecurity Is Beneficial to Organizations in the Middle East

Ensuring security upgrades are successful requires close collaboration between physical security, cybersecurity and/or IT security departments.

By: Sam Cherif,  Senior Director, Regional Business Head, MEA

In the Gulf region, national digital strategies, mega-projects, and critical infrastructure programs are transforming the security landscape. Today’s access control systems are multi-taskers, going beyond just protecting against unauthorized entry to now integrating with other mission-critical organizational areas, including human resources (HR), facilities, information technology (IT), and building management systems like heating, ventilation, and air-conditioning (HVAC) and environmental services. This shift is reshaping various operational frameworks, including procurement and decision-making processes around upgrades, while also eliminating the siloes between physical access control and cybersecurity.

Installers, integrators, consultants, and vendors who deal directly with the end user increasingly must balance multiple demands and influences from several departments when upgrading systems.

According to HID’s 2024 State of Access Control Report, installers, integrators, consultants, and vendors who deal directly with end-users increasingly must balance multiple demands and influences from several departments when upgrading systems. And while final authority is still most likely to rest with C-Suite executives such as the chief information security officer (CISO), chief information officer (CIO), and chief technology officer (CTO), or even the physical security department, many other departments exert some degree of influence in the decision-making process. These most often include the sustainability department (38%), facilities (31%), procurement (28%), and IT (21%).

The Evolution of Access Control Influence

The annual State of Access Control report surveyed organizations worldwide representing industry verticals including manufacturing and industrial (16%); professional services (10%); government/public sector (10%); software, technology and communications (8%); healthcare (6%); retail (5%); and banking (5%).

One of the key indicators of what lies ahead for those tasked with security system decisions is the age of the systems currently in use. The majority of organizations surveyed said they are working with access control technology that is no more than six years old. Older, potentially more vulnerable legacy systems account for a significantly smaller proportion of the market (19%), although this may be an underestimate, as more than 15% of respondents were unsure of their system’s age.

Additionally:

• 42% reported their organization’s access control was under three years old.
• 14% said their access control system was over six years old.
• 54% planned to upgrade access control system software.
• 53% planned to upgrade readers and credentials.
• 50% intend to upgrade controllers.

Importantly, the survey found that ensuring those upgrades – or any changes to security systems – are successful requires close collaboration between physical security, cybersecurity and/or IT security departments. Nearly half (48%) of all respondents stated that the IT department is “fully consulted” when it comes to upgrading physical access control systems, despite its overall influence being less than that of other departments. These dynamics reflect regional priorities, with initiatives like Saudi Vision 2030 and the UAE’s digital transformation agenda positioning secure, scalable access control as a cornerstone of smart infrastructure.

Additionally, when identifying which departments have authority or influence in upgrade decisions, more than 70% of respondents pointed to the physical security department, while just 53% indicated it was the IT department. Behind IT were facilities (50%), information security (35%), procurement (27%), and C-Suite (24%). Fifty-eight percent indicated that they work with the IT department to establish best security practices, while 55% said they collaborate with IT when looking for new technologies.

The Intertwining of Cyber- and Physical Security

The report’s findings are indicative of the growing movement by organizations across industries to merge physical and cybersecurity operations – a shift that began when physical security systems transitioned from analogue, closed circuit, siloed systems to IP-based networks and IP endpoints.

In the Middle East, this is particularly relevant for sectors like energy, aviation, and government, where IP-connected security systems must meet increasingly stringent risk and compliance requirements.

Unifying these operations also helps mitigate the growing threats associated with interconnected devices, many of which are now directly connected to an organization’s IT network. The sensitive data required to control access safely must move through multiple components, including credentials, readers, controllers, servers, software clients, and more. Without proper protection, this data is highly vulnerable to attacks and data breaches that come with real-world consequences. Not only did the average data breach cost $4.45 million in 2023 (a 15% increase since 2020), but a compromised access control system also allows nefarious actors to access restricted areas, disable alarms, alter permissions, and steal proprietary information. This type of risk is especially acute in the Gulf, where national infrastructure and high-value facilities are common targets of sophisticated cyber-physical threats.

Furthermore, when physical and cybersecurity functions operate independently, blind spots emerge. This lack of visibility complicates efforts to identify and address security gaps, compromising the confidentiality, integrity, and availability of access data. Gartner predicts that by 2025, 41% of enterprises plan to converge parts of cyber and physical security – a 10% increase over 2020. In a region focused on proactive risk management, this convergence is not just a recommendation; it’s quickly becoming standard practice.

Eliminating Silos to Mitigate Risk

Today’s access control systems do more than protect against intruders; they also play a crucial role in safeguarding against malicious actors who target an organization’s data. To secure both people and digital assets, organizations must evaluate not just the integrity of individual security components, but how data flows between them and where weak points may exist

In the Middle East, where digital transformation is a top national priority, organizations that bring together security, IT, facilities, and sustainability teams are best positioned to protect what matters most. By eliminating silos and fostering collaboration, they can fully secure the sensitive personnel and facility data needed to support smarter, more resilient operations.