How Integrating Physical and Information Security Mitigates Risks

05.09.2012

As we should know by now, many industries allow too much openness, or at least have a habit of leaving holes unplugged. Companies in retail, financial services, oil and gas, hospitality, food service, manufacturing and elsewhere suffered a combined 855 data breaches in 2011, according to Verizon, which works with enforcement agencies in four countries to produce an .

About 10 percent of these incidents also involved a physical breach, such as gaining hands-on access to a device or system holding sensitive information, or swapping legitimate access codes for fake ones to get into an office or machine.

Keeping physical and information security separate, as so many companies do, can create gaps between the two functions that let intrusions go unnoticed, says Michael Assante, president and CEO of the National Board of Information Security Examiners, a research organization that focuses on professional development of . The separation can also lead to ineffective response once an incident is discovered, he says.

Assante was previously chief security officer at the North American Electric Reliability Corp., which monitors the performance of the electrical grid. He oversaw implementation of security standards across the electricity grid. Security teams that combine physical-security and information-security staff can apply a variety of investigative techniques to find problems sooner, he says. "It is critical that we consider how best to remove the vulnerabilities that are presented by silos."
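One concrete form the cross-silo investigation above can take is joining the badge-reader log the physical team owns with the logon log the IT team owns. Each record looks normal to the team that holds it; the anomaly only appears when the two are read together. The script below is an added illustration, not code from the article or from any organization it names. The log formats, the two rule names, the 10-hour shift length and the two-hour VPN grace window are all assumptions, and both logs are constructed sample data.

```python
"""Cross-check physical badge-reader events against IT logon events.

Added illustration, not code from the article or from any of the
organizations it names. Both logs below are constructed sample data and
the field layouts are assumptions; real badge and authentication logs
need their own parsers.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass(frozen=True)
class BadgeEvent:
    at: datetime
    user: str
    site: str          # which building's reader was used


@dataclass(frozen=True)
class AuthEvent:
    at: datetime
    user: str
    kind: str          # "console" = logon at a workstation, "vpn" = remote
    site: str          # the workstation's building, or "remote" for VPN


@dataclass(frozen=True)
class Finding:
    at: datetime
    user: str
    rule: str


# Constructed sample data, assumed layout: "<ISO timestamp> <user> <site> entry"
BADGE_LOG = """\
2012-05-01T08:02:11 alice HQ entry
2012-05-01T08:15:40 bob HQ entry
2012-05-01T09:30:05 carol PLANT entry
"""

# Constructed sample data, assumed layout: "<ISO timestamp> <user> <kind> <site>"
AUTH_LOG = """\
2012-05-01T08:10:02 alice console HQ
2012-05-01T08:20:33 bob vpn remote
2012-05-01T09:41:17 dave console PLANT
2012-05-01T09:45:00 carol console PLANT
"""


def parse_badge_log(text: str) -> List[BadgeEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, site, action = line.split()
        if action == "entry":      # exits are not needed for these two checks
            events.append(BadgeEvent(datetime.fromisoformat(ts), user, site))
    return events


def parse_auth_log(text: str) -> List[AuthEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, kind, site = line.split()
        events.append(AuthEvent(datetime.fromisoformat(ts), user, kind, site))
    return events


def correlate(badges, auths, shift=timedelta(hours=10), vpn_grace=timedelta(hours=2)):
    """Return findings that neither log reveals on its own.

    Rule 1: a console logon in a building the user never badged into during
            the preceding `shift` (someone at the keyboard who did not come
            through the door, or a borrowed or cloned badge).
    Rule 2: a VPN logon within `vpn_grace` of that user badging into a
            building (one person cannot be on site and remote at once, so
            either the badge or the account is in someone else's hands).
    """
    findings = []
    for a in sorted(auths, key=lambda e: e.at):
        # badge entries by the same user that happened at or before this logon
        earlier = [b for b in badges if b.user == a.user and a.at - b.at >= timedelta(0)]
        if a.kind == "console":
            if not any(b.site == a.site and a.at - b.at <= shift for b in earlier):
                findings.append(Finding(a.at, a.user, "console_logon_without_badge_entry"))
        elif a.kind == "vpn":
            if any(a.at - b.at <= vpn_grace for b in earlier):
                findings.append(Finding(a.at, a.user, "vpn_logon_shortly_after_badge_entry"))
    return findings


if __name__ == "__main__":
    for f in correlate(parse_badge_log(BADGE_LOG), parse_auth_log(AUTH_LOG)):
        print(f.at.isoformat(), f.user, f.rule)
```

On the sample data the physical team sees three ordinary badge entries and the IT team sees four ordinary logons; only the join flags bob (VPN from outside five minutes after badging into HQ) and dave (console logon at the plant with no badge entry). Both are exactly the "physical access to a device" and "swapped access code" cases the breach statistics above describe, and neither silo would have raised them alone.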

It doesn't help that executives sometimes . Forty-three percent of 9,600 business and IT executives called themselves security "frontrunners," according to the latest annual global security survey by PricewaterhouseCoopers and CSO magazine, a sister publication of CIO.