Tailgating and Piggybacking: Risks That Go Beyond Security
A security integrator could ask their customer one simple question: “How many unauthorized people are acceptable in your facility?” The answer should almost always be zero.
And yet every day, unauthorized people enter facilities through tailgating and piggybacking.
There is an ever-growing gap in physical security strategy between the problems organizations understand they have and the solutions they are willing to invest in to fix them. The result is not just a security gap, but an increasing operational, financial, and reputational liability.
Tailgating and piggybacking have long been a part of daily operations for many organizations. In fact, this phenomenon is one of the most common and most preventable failure points in facility security.
In a 2019 independent study conducted by Boon Edam, 188 security end users, integrators, and consultants were surveyed on the subject of access control risks within their facilities. When asked about the likelihood of a breach occurring as a result of tailgating, 71 percent of end users stated it was likely to very likely.
Yet the same study found that 82 percent of end users said their main solutions are reactionary, like access control systems, video surveillance, guards, or investigations, which only address risks after they happen.
If end users know this is a serious weakness, why aren’t more taking proactive steps to close the gap?
Tailgating occurs when an unauthorized person gains access to a secure area by closely following someone with valid access. Usually, the person with access does not realize they have let someone else in. Piggybacking, on the other hand, involves cooperation. It can be friendly, like holding the door for a coworker, or forced through threats or even violence.
Both forms of unauthorized entry bypass access control systems. Piggybacking is often more socially accepted than tailgating, which makes it harder to stop with simply policies and procedures. Without physical barriers that enforce one-person entry, organizations have to rely on people’s actions, and courtesy often wins over caution.
The most dangerous part of tailgating and piggybacking is not the actual act itself, but the uncertainty it introduces into security operations. When an organization cannot account for who is in its facilities, it cannot control what they can access, disrupt, steal, or compromise.
Operationally, there is interference with daily business in the most subtle but serious ways. On a manufacturing or logistics floor, this can look like disruption to process flow or unauthorized entry into production areas. In corporate, mission-critical, or otherwise regulated environments, unsanctioned entry to offices, laboratories, or control rooms can result in downtime, investigations, and even evacuation.
Unauthorized access creates significant financial and regulatory risk for organizations, including intellectual property theft, data breaches, regulatory noncompliance, fines and penalties, increased insurance premiums, and costly litigation. In regulated environments such as data centers, healthcare facilities, and critical infrastructure, the inability to adequately secure access can lead to a loss of operational control and, in some cases, full shutdown.
Workplace violence, data breaches, and other serious incidents linked to unauthorized access can permanently change how people see an organization. Customers, employees, and stakeholders will want to know what could have been done to prevent an incident. If known risks were ignored, trust could be lost and hard to regain, in addition to the potential financial costs of a breach.
Cameras, access control systems, and guards are important for safety and security, but they mostly react to problems. They are not designed to stop unauthorized access before it happens, and often do not prevent it.
If you only use detection tools, you assume someone will try to get in without permission and that you can handle the consequences afterward. This approach does not work for organizations that want to be resilient, compliant, and reduce long-term risks.
Security entrances can be grouped into three main types: deterrence, detection, and prevention.
Deterrent solutions are visible physical and psychological barriers at entry points. These often deter casual unauthorized entry attempts. Full height and waist-high turnstiles demonstrate a clear and evident control of access, which is often enough to make them a cost-effective and low-tech solution. As a result, they are a cost-effective first layer of defense for lower-risk or public-facing entrances.
Detection-based entrances are solutions that are designed to identify tailgating or piggybacking attempts in real-time. Optical turnstiles and speed gates, for example, will have sensors to detect when someone is trying to enter without authorization. An alarm can be triggered to alert nearby security staff to respond to the area.
Prevention-focused entrances actively combat unauthorized access at its source. Security revolving doors and mantrap portals are purpose-built to enforce single-person access into a facility. Mantrap portals use state-of-the-art sensor technology to actively prevent piggybacking by ensuring that only one authorized person is allowed through. In high security settings where throughput is also a priority, security revolving doors can be integrated with access control systems to eliminate tailgating while enabling fast and efficient entry/exit. Prevention-focused entrances are often unattended, further reducing the need for constant guard supervision and realizing a faster ROI.
Tailgating and piggybacking happen every day and can have serious consequences. If organizations ignore the problem or treat it as a minor rule violation instead of a real security risk, they are exposing themselves to big operational, financial, and reputational dangers.
Education is an important step towards helping to mitigate tailgating and piggybacking, but without infrastructure designed to actually prevent unauthorized entry, awareness on its own is not enough.
The question is no longer if tailgating will happen, but whether it will be prevented or simply documented after the fact. When a critical incident occurs, ignorance will no longer be an excuse. Solutions to proactively prevent unauthorized access exist, and those organizations that are deploying them now are best positioned to protect their people, assets, and reputation.