Alberto Tovar (CEUSS): Threats to businesses can no longer be analysed in isolation
President of Business Confederation of Security and Services Users (CEUSS) and Head of Security at Moeve: “We are faced with complex scenarios in which physical, cyber, operational and reputational risks, among others, converge, often influenced or amplified by external factors such as the geopolitical situation or tensions in supply chains.”
How would you define the security sector at this particular moment in time?
We are at a fascinating juncture in the profound transformation of the security function. Its evolution is no longer limited to the adoption of new technologies or compliance with new regulatory requirements, but involves a much broader shift in approach. The convergence of physical security, cybersecurity, information security and so on is shaping a new paradigm in which the ‘boundaries’ of responsibility are becoming blurred. This calls for a rethink of organisational structures, management models and job profiles. Corporate security must take on a holistic, integrative role, capable of coordinating these areas and aligning them with the strategic objectives of our organisations.
Furthermore, it is essential to strengthen the safety culture within companies. It is not simply a matter of having the necessary resources or procedures in place, but of fostering awareness, shared responsibility and the capacity to respond at all levels of the organisation. CEUSS plays a key role here as a meeting point for users of security and services, facilitating the exchange of knowledge, the identification of trends and the development of proposals that help improve the system as a whole. Our aim is to continue to consolidate this role, providing a rigorous, practical and results-oriented approach for our members and society.
How has the environment in which businesses operate changed, and how does this change affect security challenges?
To identify the challenges, it is necessary to have a thorough understanding of the current context, as the environment in which businesses operate has changed radically. Threats can no longer be analysed in isolation or categorised in the “classic categories”. We are faced with complex scenarios in which physical, cyber, operational and reputational risks, among others, converge, often influenced or amplified by external factors such as geopolitical and tension in supply chains.
In this context, one of the main challenges is to move from a reactive culture towards a proactive, forward-looking culture. This means equipping ourselves with better analytical and intelligence-gathering capabilities, but also embedding security into our companies’ decision-making processes. Security should cease to be a peripheral element and become a structural component of business strategy.
Managing interdependencies is also another critical aspect. Today's organisations are deeply interconnected, and an incident at one operator can have a knock-on effect on other operators. This context calls for a systemic approach to risk and for the strengthening of coordination mechanisms, both internal and external, including those within the public sector.
Furthermore, developments in the regulatory framework governing the protection and resilience of critical infrastructure introduce an additional level of requirement. Companies will have to address changes to their risk, crisis and business continuity management models, and we will also have to make significant investments; clear criteria, consistency in interpretation and institutional support will be essential for this.
Finally, we cannot ignore the challenges posed by talent and technological transformation. It may sound like a cliché, but it is clear that the security function needs to evolve towards roles that are more executive, integrative and multidisciplinary, while incorporating advanced digital tools that will enable us to improve our efficiency and responsiveness.
Which sectors and areas of activity does CEUSS cover, and what targets have been set for 2026?
CEUSS brings together major companies, many of them operating in sectors that are essential to society, such as energy, transport and banking. They all have one thing in common: security is a critical factor that affects the continuity of our businesses, the delivery of services and, in many cases, the stability of the economic and social environment.
What sets CEUSS apart is that we represent the user of security – that is, the person who ultimately implements the solutions, assumes the risks and bears the consequences of any incident. This puts us in a unique and particularly significant position when it comes to delivering a practical, results-oriented approach.
We have drawn up a roadmap for 2026 based on three key priorities. The first priority is to enhance the association’s visibility and influence as a key stakeholder, creating value through structured dialogue with other stakeholders in the ecosystem and the exchange of knowledge among members. Under this priority, it is crucial to promote more effective representation in dealings with the legislature, thereby helping to ensure that legislation is realistic, practicable and in line with how businesses operate.
The second priority is to continue making progress in establishing security as a strategic function within organisations, which ties in with resilience and crisis management. And finally our third priority is to promote more efficient frameworks for relations with service providers, enhancing service quality and the sustainability of procurement models.
How important are dialogue and interaction between the business sector and the public sector in improving security?
Dialogue is undoubtedly one of the key elements underpinning any situation. Our sector has been structured around manufacturers, suppliers and regulators, leaving the user’s perspective in the background all too often, with users merely ‘footing the bill’. However, it is clear that an effective model cannot be built without actively involving those of us who manage risk and take responsibility.
At CEUSS, we believe there is a need to move towards more inclusive governance models, in which all parties contribute according to their respective areas of responsibility and expertise. The user provides an essential operational perspective for avoiding malfunctions, excessive regulation or solutions that are out of touch with the business reality on the ground. For example, the use cases for biometrics and anti-drone technology, which we have analysed in specific working groups within the association.
As for public-private partnerships, there is little to say; they remain a critical factor. We believe there is room for improvement in areas such as agility and the quality of information sharing. Threat intelligence must be generated and disseminated seamlessly, in a way that's two-way and useful, underpinned by relationships of trust and effective coordination mechanisms.
However, cooperation between private operators is equally important. Shared learning, the exchange of real-life experiences and the joint identification of areas for improvement all help to raise the overall level of maturity of the system as a whole. In this regard, initiatives launched by CEUSS, like the document on lessons learned following the power cut in April 2025, help structure this exchange in an organised and productive manner.
Ultimately, improving the sector necessarily involves strengthening collaboration at all levels and approaching safety as a collective challenge.