7 Signs Your Organisation Needs a Converged Security Approach
Converged security connects cyber, physical and human risks. Improve visibility, coordination and resilience by addressing security gaps across your organisation.
Converged Security
Supply chain resilience is about managing persistent uncertainty – and needs active governance
In this piece, Gavin Wilson argues that supply chains can no longer be treated as purely commercial functions but must be managed as core risk systems. With geopolitical tension, regulation, climate disruption and hidden dependencies all shaping outcomes, disruption is now constant rather than exceptional. He highlights how many organisations remain exposed due to limited visibility and fragmented ownership, often reacting only once issues arise. His focus is on active governance, deeper supplier insight and earlier involvement of risk functions, ensuring resilience is built in before disruption hits rather than after.
Converged Risk in Practice
Our second converged security session hosted in partnership with Mitie brought together senior leaders from security, risk and resilience to explore a practical question: what does convergence look like when it works and why does it remain so difficult to achieve? The session was designed to focus on practice rather than theory. Each panellist was asked to share an example of where convergence is
Why supply chain resilience now sits at the centre of organisational risk
Why supply chains must be treated as risk systems. Explore geopolitical risk, climate disruption and resilience in modern supply chain governance.
Secure by design: embedding protection before systems go live
Toro works with organisations to integrate Secure by Design principles across facilities, digital infrastructure, operational processes, and workforce environments.
Red Team engagements: seeing your organisation the way an attacker does
Rather than testing isolated controls, a red team engagement replicates how real adversaries combine cyber, physical and human attack vectors to achieve defined objectives.
Business continuity planning: preparing organisations to operate through disruption
At Toro, business continuity is treated as an operational capability rather than a compliance document.
If a black swan event happened tomorrow, would your organisation be ready?
At a Corps Security and Toro roundtable, industry leaders examined how organisations build resilience amid geopolitical tension, digital interconnectivity and misinformation and why real preparedness depends on people, communication and tested response plans, not just documented strategies.
Who actually owns risk in a converged world?
In this article, Katie Barnett, Director of Cyber Security, and Gavin Wilson, Director of Physical Security and Risk at Toro Solutions, warn that many organisations talk about convergence but stop short of true accountability.
While cyber, physical and people risks are increasingly connected, ownership of those risks often remains fragmented. Different teams manage different parts of the picture, with no single leader responsible for how those threats combine. The result is blurred accountability, slow decision-making and gaps that only become visible during an incident.
Barnett and Wilson argue that collaboration alone is not enough. Without clear authority, board-level visibility and a culture that supports joined-up thinking, risk continues to sit between functions rather than being actively managed. Convergence, they conclude, only works when someone is clearly accountable for the whole picture.
Security Without Borders – Rethinking Executive Protection in a Hyper-Exposed World
In this piece, Peter Connolly Security Without Borders: Rethinking Executive Protection in a Hyper-Exposed Worldexplores why executive protection has become a board-level issue.
With major technology firms spending tens of millions on personal security for senior leaders, Connolly argues that the threat landscape has shifted beyond the office perimeter. Today’s executives are exposed through their digital footprints, families, travel patterns and personal devices. AI-driven risks such as deepfakes, voice cloning and highly targeted phishing have made impersonation and reputational attacks far more convincing and far more damaging.
He makes the case that protection can no longer sit solely with IT. It must be converged, intelligence-led and embedded across the organisation, spanning physical security, cyber resilience, communications and culture. In a hyper-connected world, safeguarding leaders means safeguarding the business itself.
Cyber Insights 2026: Cyberwar and Rising Nation State ThreatsCyber Insights 2026: Cyberwar and Rising Nation State Threats
Peter Connolly, CEO of Toro Solutions, featured in SecurityWeek’s Cyber Insights 2026 report on cyberwar and rising nation state threats.
Quoted alongside global industry leaders, Connolly highlighted one of the biggest challenges facing organisations today: attribution. “Businesses may see the activity, but proving who is behind it often requires classified intelligence and corroboration from other sources that private firms simply do not have access to,” he said, underscoring the uncertainty that shapes response and accountability in an era of blurred lines between criminal and state-backed activity.
The piece explores how cyberwarfare is evolving, why attribution remains complex, and what this means for enterprise resilience in 2026.
Ecosystem is the biggest cyber risk
In this latest article, Toro Solutions CEO Peter Connolly argues that many organisations are investing heavily to protect systems that are no longer the most likely source of a breach.
The greatest cyber risk now sits in the wider ecosystem of suppliers, software platforms and digital partners that businesses depend on but do not control. Drawing on recent incidents and client experience, he explains how attackers increasingly exploit trusted connections between organisations, using smaller or less mature partners as entry points into much larger networks.
As digital supply chains become more complex, cyber security can no longer be managed in isolation. Connolly makes the case that boards focusing only on internal controls are overlooking their largest attack surface, and that real resilience depends on stronger standards, better information sharing and collective accountability across the ecosystem.