Breaking down silos

Modern attackers don’t just target one area. They target multiple points, looking for a gap. 

In most organisations, people work in their own swim lanes, so gaps inevitably appear between them. IT focuses on systems, HR on staff, and facilities on physical access. These separate responsibilities create blind spots.

Think about it. IT sees an alert, HR notices unusual behaviour, a supplier raises a concern, and building logs flag irregular activity. Alone, each signal may seem minor. But together? They could tell a bigger story. If nobody talks to each other, that story never gets told, and that’s exactly what attackers count on.

When was the last time all the different departments reviewed the same incident together? If you can’t answer quickly, your organisation probably has blind spots that attackers will find first. 

Blind spots in action

If attackers can’t access your network, they may try to manipulate staff. If that fails, they’ll test the supply chain or exploit unguarded doors. They take whichever path gives them the best chance to succeed.

Take the supply chain. We have seen cases where a single compromised supplier gave attackers access to systems, exposed staff details, and created opportunities for physical entry. Yet the organisation treated these as three separate issues. IT handled the systems, HR worried about the people, and facilities dealt with access passes. The bigger picture only became clear much later. 

People risk is another common blind spot. Organisations often invest heavily in cyber monitoring and physical controls but pay less attention to social engineering, insider threat signals, or hostile recruitment approaches. Attackers know this. They focus on people because staff touch every domain and no single function is responsible for connecting the dots. 

Timing adds another layer of complexity. Cyber threats shift daily. Physical risks build over weeks or months. Supply chain weaknesses can take years to surface. Personnel risks often follow business cycles such as restructuring or rapid recruitment. If intelligence collection is tuned only to fast-moving cyber threats, slower but equally serious risks can be missed entirely. 

Building integrated intelligence 

Silos exist for a reason: they give specialists focus. Each team can concentrate on its domain without distraction. But at the organisational level, silos fragment risk management, and important connections between risks often go unseen.

There is a misconception that convergence means turning everyone into generalists. That is not the case. The most effective convergence happens when experts remain experts in their own domains but learn to translate risks and solutions across disciplines. 

A cyber analyst does not need to become a vetting officer, but they should be able to explain how a phishing attempt may link to hostile recruitment of staff. A facilities manager does not need to understand malware, but they do need to see how suspicious access behaviour might be part of a wider campaign. Fluency across disciplines is what allows small signals in one area to make sense when shared with another. 

The cultural challenge 

The hardest part of breaking down silos is culture, not technology. A UK government paper from September 2024 defines security culture as the way people understand and behave with regard to security, shaped by how far it is designed to work for them.

If processes feel impractical or disconnected from daily work, staff will find workarounds. Not out of carelessness, but because the system does not make sense in practice. 

Convergence can fail if the people expected to make it real feel disengaged. When staff do not see their role in security, they are unlikely to notice weak spots or challenge suspicious behaviour. That disengagement is exactly what attackers hope for. 

True convergence is not just about joining up systems and reports. It is about creating an environment where security across all domains is part of the culture, not an added burden. When staff feel included and processes make sense, silos are far less likely to reappear. 

Turning blind spots into insights 

Silos create blind spots, and blind spots create opportunity for adversaries.  

Modern attacks are built to move across domains, combining cyber, physical, personnel, and supply chain tactics. Isolated defences leave organisations one step behind. 

Integrated intelligence will not remove risk, but it will give foresight. It helps organisations see patterns early, prioritise resources, and make business decisions with the full picture in view. Converged security is not an aspiration; it is a requirement if organisations are to stay ahead of threats that refuse to sit neatly within traditional boundaries. 

Three questions every leader should ask  

If you sit on a board or lead a security function, three simple questions will reveal whether your organisation is still working in silos: 

  1. Do we receive one joined-up risk picture, or separate reports that don’t connect? 
  2. When was the last time our cyber, physical, HR and third-party risk management teams sat down together to review the same issue?
  3. Can our specialists explain how their risks overlap with others, or do they only speak their own language? 

If the answers are unclear, the silos are still there. Closing them is not about diluting expertise. It is about making sure those experts can translate across domains and that leaders see the whole picture before attackers exploit the gaps.