Security 360° Morning Event: facing hybrid attacks, the convergence between cybersecurity and physical security is becoming strategic
In Marseille, at Club 29 in the Tour La Marseillaise, Onet Security brought together security directors, security managers and cyber experts for a Security 360° Morning Event dedicated to emerging threats and European regulatory developments. In a context of geopolitical instability and accelerating cyberattacks, one conclusion stands out: organizations must now manage security globally, integrating human, physical and digital dimensions.
Here are the main takeaways from the presentations of:
- Fabienne Pillet (CEO, Onet Security & board member of the GES)
- Marc Véran (Group Security Director and Defense Advisor, ONET Group)
- Lieutenant Colonel Fabien Suchaud (Cyber Mission Officer for the PACA region, French Gendarmerie)
- Mickaël Wajnglas (General Secretary, SPAC Alliance)
- Martin Renard (Technical Director, Onet Security)
A growing cyber threat
The figures presented during the event highlight the scale of the phenomenon. In France, 348,000 complaints related to digital offenses were recorded in 2024, representing a 74% increase over five years. However, this figure only reflects part of the reality: only a fraction of attacks lead to a formal complaint. The overall cost of cyberattacks for the French economy is estimated at more than 118 billion euros, including operational, financial and reputational impacts.
The cybercrime ecosystem has become highly structured, with specialized actors such as malware developers, initial access brokers, ransomware operators and crypto-asset laundering networks.
This structuring of cybercrime is accompanied by the industrialization of attacks and the growing professionalization of criminal groups capable of targeting large corporations, public organizations and SMEs alike.
Hybrid attacks: the convergence point between cyber and physical security
Beyond traditional cybercrime, companies must now face hybrid attacks in which a physical intrusion on a site allows attackers to compromise the information system from within.
Access to a technical room, the compromise of a connected device or the recovery of credentials through a workstation can enable or amplify a cyberattack.
Attack surfaces are multiplying: cloud environments, supply chains, shadow IT, but also physical infrastructures and access to critical equipment. In this context, the traditional separation between cybersecurity and physical security is no longer relevant. Security departments must now adopt a unified and global approach.
NIS2 / CER: towards end-to-end security
The European Union is also accelerating the transformation of the regulatory landscape. The NIS2 Directive, currently being deployed across Europe, now requires the organizations concerned to implement:
- stronger cyber risk management
- rapid incident reporting
- greater executive accountability
- a comprehensive approach including physical security
The Directive on the resilience of critical entities (CER) complements this framework by strengthening requirements related to the physical protection of essential infrastructures.
Cybersecurity can no longer be treated independently from physical security. New European regulations require an end-to-end vision of security.
For security departments, these developments represent a major step forward: organizational security can no longer be limited to information systems but must encompass the entire operational ecosystem.
Cyber Resilience Act: a turning point for security technologies
Another major development is the Cyber Resilience Act, adopted by the European Union. From late 2027 onward, all products containing digital elements will have to comply with strict cybersecurity requirements in order to be sold on the European market.
This regulation directly impacts many technologies used in security systems:
- identity management systems
- access control solutions
- authentication readers
- connected devices
- network infrastructures
To enable the implementation of the regulation, the European Commission has launched the development of 41 harmonized standards covering different product categories. Among them is Standard 16, dedicated to identity and access control systems, developed as part of the HESTIA project led by SPAC Alliance.
Towards end-to-end security
For physical security and cybersecurity teams, these developments require a deep transformation of approaches and practices. Compliance with the new requirements notably involves:
- integrating cyber and physical security challenges
- adopting open and interoperable solutions
- using recognized standards
- conducting compliance audits and risk assessments
The analysis of physical security systems is becoming a central element of cybersecurity strategy: network architecture, access management, equipment encryption, organizational procedures and identity governance.
A strategic challenge for organizations
Beyond regulatory compliance, the convergence between cybersecurity and physical security is becoming a strategic issue for the resilience of organizations.
Facing hybrid threats and increasing regulatory pressure, companies must rethink their security approach and adopt a global vision covering all infrastructures and processes. This is precisely the dynamic supported by SPAC Alliance, which brings together ecosystem stakeholders to promote open, interoperable solutions aligned with future European standards.
