One of the most used phrases in cyber security vernacular is that people are the weakest link in the chain. They are human, they make mistakes, they’re fallible. When it comes to physical security the same is probably also true; or is it?  What if human behaviour isn’t an unavoidable flaw in a well-designed security system? What if they are responding exactly as the system has been designed?

According to IBM’s Insider Threat Report, 83% of organisations reported insider incidents in 2024, significantly up from the year before. Insider threats are not always malicious, carried out by disgruntled staff, but more than half occur due to negligence or misuse.

If that’s happening now – and continues to happen – surely that says something about the design of the system more than the users? That includes security personnel responsible for managing the system, as well as staff, guests, contractors etc., who use the system on a daily basis.

This is where user-centricity comes into focus. Security systems have traditionally been designed around capability: what they can do, what they can detect, what they can control. But increasingly, organisations are recognising that how a system is experienced – by operators and everyday users alike – is just as critical. Because in practice, security only works if people can and will use it correctly.

When complexity becomes a risk

Modern security environments have evolved to deal with increased threat levels. The result: systems and solutions that are more complex than ever before in pursuit of providing organisations with a complete picture. This includes access control, CCTV, intrusion detection, visitor management, analytics platforms, integrations with IT and environmental systems, often all running side by side.

While this may provide a 360 view of security, lack of integration means that security teams have disparate systems, with multiple interfaces to monitor, alerts in multiple locations, manual cross-checking and increasing pressure to respond quickly, despite having incomplete information.

This is not the ideal space to work in – especially in a high pressure, often critical environment. The dangers, over time, include fatigue, burnout and missing key alerts.

Why users don’t follow the rules

For everyday users of the security system, such as staff, contractors, visitors, the same can apply. When systems are clunky or slow, intrepid employees find work-arounds. Rushing to meetings, being late for work, nipping out for a coffee or a cigarette, reams of paperwork to get visitor access are all practical, daily issues that can lead people to seek the path of least resistance. For example, holding open doors to avoid repeated authentication, sharing access cards, or tailgating are all done for convenience sake, but all add significant risk.

None of this is done maliciously – it’s all in the name of convenience.

Designing security that works in the real world

Blaming users or operators is the easy answer. Designing unified systems that work in real-world conditions is a little harder. Removing the human factor from the equation is also not the answer. Instead, creating security systems that support them is. What does this look like for security teams and the control room?

  • A unified view of events – instead of multiple, disconnected tools
  • Clear context around alerts
  • Workflows that reduce decision time

For users, this means:

  • Access that is simple and intuitive to follow correctly
  • Processes that fit naturally into daily routines
  • The right level of friction in the right places, without unnecessary barriers

Rethinking the weakest link

People will always be part of any security system. That’s not a flaw, it’s a constant. The question is whether those systems are designed with that reality in mind. When security creates friction, people work around it. When systems overwhelm operators, critical signals get lost in the noise. In both cases, risk doesn’t come from individuals alone, but from the gap between how security is designed and how it is actually used.

A more user-centric approach closes that gap. It recognises that effective security isn’t just about stronger controls, but about creating environments where the right behaviours are the easiest ones to follow. In that context, people are not the weakest link in the chain. They are the point at which security either succeeds or fails.

To find out more about our unified platform, get in touch today.