New Delhi, Sept. 16 -- As enterprises increasingly adopt digital tools, the borders between physical and digital realms are disappearing from automated factories to hospitals relying on smart medical devices, operational technology (OT) and information technology (IT) are converging giving rise to a new risk - phygital threats.
The Cyber-cum-Physical Threat Physical systems and digital infrastructure are equally vulnerable to phygital threats. In 2021, the Colonial Pipeline ransomware attack upset fuel deliveries across large swathes of the US, triggering major economic disruption. The Russia-Ukraine war has included precision cyberattacks and ground operations that destroyed energy and communications infrastructure.
In 2020, a power outage in Mumbai was probed as a potential cyber-related event that led to citywide disruption. In a more recent 2024 ransomware attack on the National Data Centre in Indonesia, multiple government services and immigration checks were disrupted. Such cases highlight how phygital attacks can lead to severe financial loss, operational downtime and reputational damage with virtually no segment being immune. As a result, demands have arisen for urgent countermeasures.
By 2027, Gartner projects that around 75% of asset-intensive companies will use cyber-physical system protection platforms to pinpoint, map and safeguard vital assets. From 2025 onwards, 50% of these companies are slated to work under a unified Chief Security Officer, overseeing cyber, physical and supply chain risks within an integrated model. These trends emphasize the dire need for interlinked, cross-domain defences.
Although security teams are empowered by artificial intelligence to detect cyberattacks and respond quickly, attackers also use AI to amplify the scale of threats and its precision. Generative AI tools have been weaponized to mimic trusted communications while sidelining multifactor authentication and automating phishing at scale.
Transition from Protection to Resilience The conventional cybersecurity approach meant the focus remained on stopping intruders. However, current reality calls for a novel approach that presumes breaches will occur and prioritizes continuity rather than containment. Resilience is the mainstay of this approach, where recovery is just one aspect. Instead, it's more about adaptive defense that allows organizations to anticipate attacks, curb the impact and bounce back swiftly.
How to Build Adaptive Systems
To secure phygital enterprises, firms must employ a multitiered, intelligence-led strategy. This covers zero trust by default by validating each user and device, irrespective of location; micro-segmentation: where workloads are isolated to avoid lateral movement within networks; AI-enabled threat detection: behavioral analytics is used to discover anomalies early; post-quantum cryptography: companies get ready for the next level of encryption challenges by deploying algorithms that resist quantum computing attacks.
Additionally, there is security simulation with digital twins where virtual replicas of critical systems are created to simulate attack scenarios and stress-check defences even before attacks occur; domain-specific templates: here security protocols are aligned with operational processes and priorities since retail, healthcare and manufacturing need stringent safeguards; real-time recovery architecture: to limit downtime, firms can establish layered backups, automated rollback systems and redundant connectivity.
Understanding Phygital Resilience in Action In healthcare, hospitals utilize dual backup systems, one each for electronic health records and connected devices, to ensure continuity during ransomware incidents. In retail, smart shelves and PoS (point-of-sale) terminals are monitored for anomalies, while Edge AI permits inventory protection and real-time fraud detection. In banking, insider threats are detected across physical and digital channels by pairing biometric authentication with behavioural analytics.
Reframing the Strategic Cybersecurity Outlook As digital and physical domains accelerate their convergence, so does the complexity of risks that firms must negotiate. Consequently, viewing security in isolation is no longer feasible. Therefore, it needs to be well-entrenched within any enterprise strategy, digital transition roadmaps and AI deployment networks.
Focusing solely on peripheral control will leave companies a step behind. Robust cyber preparedness lies in being capable of adapting, absorbing and recovering faster than threats evolve.
For fast-growing nations such as India, where the digital economy is expected to contribute almost 20% of its GDP by 2026, phygital resilience is crucial for uncovering trust and national competitiveness in digital ecosystems. Backed by their integrated visibility across IT and OT systems, communications technology providers are already enabling enterprises to make this shift.
There is no doubt that the future of cybersecurity won't be determined by how well one defends, but rather, how speedily we bounce back. In an age where cyberattacks are inevitable, resilience remains the only real benchmark of readiness.
Published by HT Digital Content Services with permission from TechCircle.