Managing Security Threats through Touchless Security Technologies: An Overview of the Integration of Facial Recognition Technology in the UAE Oil and Gas Industry

: Throughout the past few years, the oil and gas industry in the United Arab Emirates has grown signiﬁcantly, and is currently one of the top ten oil producers in the world. As a result, it is at risk of physical security threats, including theft, unauthorized access, vandalism, espionage, and other incidents which could disrupt its operation. Consequently, signiﬁcant investments in the latest security technologies are necessary to protect this critical infrastructure and maintain its international standing. Therefore, the main objective of this study is to examine whether integrating facial recognition technology (FRT) with a physical security system in this sector would improve physical security performance and efﬁciently mitigate potential threats. A quantitative approach was applied to collect the essential information with a sample size of 371 selected through a simple random sampling method to ensure the validity and reliability of the research results. In addition, regression analysis was conducted using Smart-PLS version 3.3.9 based on (SEM) to deﬁne the signiﬁcant relationships between the hypothesis applied in the conceptual model. Furthermore, the ﬁndings were signiﬁcant as they provided the basis for future studies for the practical application of FRT to enhance the UAE oil and gas company’s resilience to physical security threats.


Introduction
Globally, the security of oil and gas infrastructure has become a paramount issue because of the safety levels needed in such sectors.These evolving security needs are critical, given the significance of oil and gas to the global economy.Ref. [1] notes that security lapses, government negligence, organizational culture, and criminal intent to access oil and gas resources have increased thefts and vandalism at different sites.According to [2], physical security performance within the oil production industry must be improved by adopting systematic and strategy-linked approaches.As a result, many companies in the modern business environment have been finding ways to implement physical protection systems that use different physical security technologies [3].Indeed, discussions on physical security have evolved into topical issues for many organizations, given the growing need to secure assets from unauthorized personnel [4][5][6][7].As [8] advised, one should not consider themselves lucky or 100% secure if you there is no experience of physical security threats, but rather one should rather think that monitoring capability is probably insufficient, as physical security threats can manifest in many forms, and should be paid attention to.However, one of the primary reasons for the growing concerns is that physical security threats have evolved, presenting physical security teams with novel and sophisticated challenges.For example, oil and gas company Saudi Aramco, one of the leading companies in the world, has encountered several security incidents in recent years even though it has invested considerable resources into improving network security and has entrusted 33,000 soldiers and 5000 guards to protect the company's assets [9].It seems reasonable to argue in this situation that physical security is a topic that is becoming more relevant than ever, leading scholars to examine the factors that could strengthen the existing physical security systems and develop new strategies for enhancing their effectiveness.
The United Arab Emirates is one of the key players in the global oil and gas industry.Despite its location in a desert region, which previously neglected its prosperity, the country has proven oil reserves of approximately 97.8 billion barrels, accounting for close to 10% of the global reserve [10].Abu Dhabi's oil and gas industry is pivotal to the region's energy production, and its physical security has been gradually developing.Many mechanisms, such as traditional physical security controls, effective security officers' patrols, fingerprint technology applications, electronic access control, perimeter intrusion, and CCTV surveillance systems, are already incorporated in highly restricted security zones [11][12][13][14].Organizations have used these options for decades to protect their assets, and the technologies used therein have served their purpose effectively [15].Unfortunately, these security measures display several weaknesses, such as the risk of unauthorized access to restricted facilities because of the loss of an access card or confusion during rush hours [6,16,17].The fact that physical components of security systems are often insufficiently addressed is a truism in the academic literature.For example, ref. [6] argues that "the physical element of security is often overlooked".
Therefore, the primary purpose of the current study aims to examine the potential of facial recognition technology integration with the existing physical security in an oil and gas organization in the UAE to improve its performance.The study was conducted in line with the integrated physical security culture model to understand the physical security gaps in this organization.The model is relatively recent; nonetheless, it has been validated in several studies [18][19][20].Specifically, this study aimed to address the lack of research evidence on the industrial application of facial recognition technology in oil and gas companies operating in the Middle East and North Africa region, demonstrating its practical applicability.Therefore, the current study extends the limited research on facial recognition technology integration in the oil and gas industries of Abu Dhabi and the MENA region.This study is among the first to consider the applicability of facial recognition technology in the UAE oil and gas sector as opposed to other industries, such as law enforcement and airports.
Furthermore, there is compelling evidence that integrating facial recognition technology (FRT) into the existing physical security system could significantly enhance the effectiveness of physical security culture domains within an organization [7,[21][22][23].Despite the lack of adequate information from the literature on how the integration between the physical security system could be achieved, a research gap that the current study seeks to address, the findings could be used to develop practical recommendations to enhance physical security systems at any oil and gas company.However, a single study could hardly serve as specific guidelines for integrating facial recognition technology with the current physical security system.Therefore, the study results serve as a foundation for future research into the facial recognition technology integration concept in oil and gas industries, which has the prospect of widening the knowledge of the technology's applicability.In addition, security specialists, scholars, policymakers, regulatory specialists, and corporate managers may use this study to support the development of further research into facial recognition technology integration in the oil and gas industries rather than in airport settings or other similar lines of study.

Physical Security Threats and Physical Security Performance
Generally, each industry receives different physical security threats, so there is no universal tool to measure physical security performance.In addition, rapid technological change has left many organizations vulnerable to physical security threats as they focus less on the significance of physical security measures.However, proactive and preventative security planning can enhance resilience in many areas despite distinct differences in threats, knowledge, and experience, besides using effective and enforceable protocols, training in human factors, and understanding adverse conditions, events, and abnormal behavior patterns [35].Therefore, organizations should take time to understand any vulnerabilities that they might face in order to develop an effective measuring tool following the set of significant physical security threats prevailing in such an industry at that particular time.
An inherent challenge for organizations responsible for maintaining critical infrastructures, such as oil and gas companies, usually lies in protecting assets of high value.Given the scope of their operations and significance to national economies, the implications of an ignored physical security threat could amount to immense losses.For example, in a recent occurrence in Abu Dhabi, three petroleum tankers exploded in a fire near ADNOC storage tanks, resulting in three deaths and six injuries, and one explosion occurred at the new construction area of Abu Dhabi International Airport [36,37].Ultimately, major accidents can cause catastrophic damage to people, process facilities, and the environment, including toxic leakages, fires, and explosions triggered by safety hazards and security threats [2,38].Due to compromised physical security systems, more effective solutions need to be studied and implemented.Nonetheless, the oil and gas facilities in Abu Dhabi might have physical security gaps [39], despite there being no consensus in the literature regarding specific vulnerabilities inherent to different organizations.
The theft of identification cards is one of the most significant physical security threats.While strict rules and procedures can prevent most other physical security threats, a penetrator can circumvent most physical barriers using a stolen identification card.Most controls utilized by organizations fail to address physical security threats related to stolen identification cards [40,41].In particular, a penetrator could use a stolen key or someone else's borrowed access card.Unfortunately, sometimes intruders breach restricted areas because someone has not used a locking system [42].According to [28] during a conference on security technology, maintaining the integrity of electronic locking systems is essential to ensure physical security and manage risks that may threaten an organization's goals.Furthermore, ref. [7] argues that oil and gas facilities struggle with "taking physical measures to protect personnel and prevent unauthorized access to installations, material, and documents, which also include protection against sabotage, willful damage, and theft".
On the other hand, the theft of documents is a prevalent security threat in various sectors, including oil and gas.First, unaccounted visitors, individuals who entered the premises using the tailgating method, stolen access cards, or other penetrators could steal documents lying on employees' desks or access the available information on their computers [43].In this regard, organizations must maintain a "clear desk" policy by ensuring that employees who leave their desks remove all valuable documents to safe places to prevent such threats [44].Second, data theft could be conducted by disgruntled employees who leave their job.Ref. [45] survey found that as many as 87% of employees take the data they have created with them when they leave the company, while 28% would take data that others have created, and 88% take corporate presentations or the company's strategic presentations documents.For example, five individuals were arrested in India in 2015 for conducting corporate espionage at the Oil Ministry and stealing the Ministry's trade secrets [46].In 2021, Joshua Decker confessed to stealing documents and data about valves from the Oil States Piper Valve in Oklahoma [47].
Unaccounted visitors pose a substantial threat to organizations operating in the oil and gas industry for two reasons.First, it is harder to control them and monitor their actions.Second, an organization's security officers will not be able to determine whether specific unaccounted visitors were responsible for an incident since they are unlikely to possess information on whether these visitors were present on the company's premises during this incident [48].Controlling unauthorized visitors could be conducted using various methods, such as swipe cards and visitor passes [49].However, even these measures cannot entirely prevent the threat of unaccounted visitors unless an influential physical security culture supports them.
Another prevalent physical security threat is employee time theft.Generally, time theft can be described as employees being paid for work they have intentionally not completed [50].The relationship between time theft and physical security has not received significant attention in the academic literature.Nevertheless, the available evidence provides a compelling reason to believe that time theft could be a disturbing risk for many oil and gas industries fail to address.It is known that employers lose approximately 4.5 hours every week because of employee time theft [51] and that $0.20 of each dollar made by U.S. companies is lost owing to this problem [52].At the same time, it seems justified to argue that many types of time theft outlined above might expose an organization to physical security threats and affect its performance.This link might be especially true when a less experienced security officer clocks in for a more experienced colleague even though they do not have enough skills and knowledge to use specific security technologies or prevent security threats.In this situation, it seems justified that employee time theft constitutes a disturbing phenomenon from the physical security performance perspective.
Though many mechanisms, such as traditional physical security controls, effective security officers' patrols, fingerprint technology applications, electronic access control, perimeter intrusion, and CCTV surveillance systems, are already incorporated in highlyrestricted security zones in the oil and gas sector [11,53], these security measures display several weaknesses, such as the risk of unauthorized access to restricted facilities due to the loss of an access card or confusion during rush hours [6,16,17].The literature indicates that the risk is exceptionally high when multiple individuals pass through doors, such as during rush hours, making it easy for individuals to follow a person who has already used a swipe card or shown identification [54,55].A small team of security officers could hardly ensure sufficient control, especially when identification and authentication are conducted manually, as human errors are inevitable.Nevertheless, many companies try to use modern technologies, such as biometric authentication, image recognition, and motion sensors, to avoid tailgating and other unauthorized access [56].

External Factors and Physical Security Performance
The academic literature describes the external environment as a plethora of issues that could critically influence an organization's operations, including revenues, profits, and security [57].Whereas internal factors substantially affect an organization's physical security culture, the significance of external factors should not be underestimated.Therefore, organizations must prepare their employees to handle the unique challenges they face, both internal and external, to achieve success [58].National legal systems, political stability, economic status, cultural and social background, and technological advancement are among the most significant constituents of an organization's external environment that contribute to its physical security performance by affecting its resilience to address physical security threats [57].
National legislation could significantly impact physical security performance by determining the minimum standards organizations should apply and introducing constraints in using advanced methods.For example, many government organizations are bound to restrictions concerning sensitive information that have significant implications for physical security [59].Moreover, as the oil and gas industry substantially contributes to the country's economy, since petroleum and crude oil have become the primary fuel sources for critical sectors and infrastructure [60], the government could impose standard requirements for the physical security systems in the organizations, including minimum security training requirements.In theory, such a requirement is supposed to increase the competence of security officers working at organizations, thus improving physical security performance.However, ref. [61] identified organizations' weakest links as the personnel who do not receive adequate security training and knowledge that could help safeguard the organization's assets.
On the other hand, political stability in the country could influence an organization's development, even though its effect on physical security might be less explicit.National political stability impacts business environments via investment and consumption channels [62].Therefore, it seems justified to argue that such an influence manifests through at least three channels.First, national political stability affects enterprise growth at the organizational level, which could hinder the opportunity to build and maintain stable security systems [63].Second, countries with high political stability are expected to ensure relatively high nationwide security to decrease the likelihood of security incidents [64].Third, as stated above, political stability often positively influences investments, empowering organizations to collaborate with foreign enterprises specializing in corporate security and installing the latest security technologies [57].As a result, political uncertainty may lead to a reduction in investment and economic growth.
Moreover, GDP growth and other economic factors might influence the financial performance of organizations and, accordingly, their security budgets.A higher security budget of a firm is likely to correlate with the use of advanced security technologies, such as fingerprint technologies instead of access cards, which could increase the physical security performance level [65].Furthermore, the economy might also affect physical security performance by increasing or decreasing the significance of various physical security threats.For instance, a challenging economic situation in South Africa translates into unprecedented security threats for multiple organizations [66].In light of the above, it seems reasonable to argue that economic factors play a significant role in determining security.Ref. [67] has stated that security and economic development are linked.That is almost a platitude.Without security, there can be no sustained economic development.We need to rethink it to include also socio-economic and cultural factors.
Physical security performance is intricately linked to cultural and social backgrounds.According to [68], national culture strongly influences an organizational security culture.For example, people from a culture that encourages communication and openness might be less capable of preventing the tailgating threat than individuals who promote individualism.On the other hand, an organization dedicated to a security culture encourages its employees to be aware of their surroundings, recognize suspicious activities, perform their work effectively, and take responsibility for their actions [69].The arguments above illustrate that cultural and social background might significantly affect physical security performance.Additionally, it may be worthwhile to consider the relationship between culture and technology from the perspective of continuity, considering the broad sweep of cultural and technological developments from the eighteenth to the twenty-first century [70].
The impact of technological development on physical security is more evident than ever.As [71] posited, technology has the potential to change human behavior and drive the evolution of security cultures, regardless of public concerns about being controlled by technology.The national technological development level positively affects the security market's supply, allowing organizations to utilize recent security technologies such as facial recognition technology [72].Furthermore, this issue might also positively impact organizations' physical security through indirect channels.For example, the technological development level in a country affects people's attitudes toward technologies, their resistance to implementing new technologies at work, and their willingness to embrace new technologies in daily work activities [73].Nevertheless, it seems sensible to agree with [28] in their conclusion during a conference on security technology, that "technological developments have resulted in security technologies and whole built environment systems progressing toward increased integration and connectivity".As a result, the national technological development level might positively influence an organization implementing new physical security technologies, especially to maintain influential physical security culture.

Integrative Approach to Physical Security Culture
In today's business environment, diversified strategies are necessary for protection against multiple threats and to reduce the risks organizations might face [35].Despite [74] observation that more advanced security technologies are being implemented in rapidly changing business environments, including surveillance cameras with facial recognition capabilities, drones for aerial surveillance within integrated security control room command systems provide law enforcement agencies with immediate notification of suspicious activity or individuals.The unfortunate trend is that many organizations in the oil and gas industry are still operating with legacy security habits that are outmoded and vulnerable to physical security threats because they require constant upgrade and review.
Furthermore, available evidence indicates that simple locks or security officers' presence might not be sufficient for maintaining a desirable level of physical security in the oil and gas industry [13].Moreover, ref. [75] have noted that the sector has lagged even though the demand for new scientific knowledge and organization of security activities has increased significantly over time.The oil and gas industry has a complex security landscape because the physical security culture requires protection.For instance, physical perimeter barriers are necessary for the protection of physical assets from adverse conditions and unauthorized personnel.As a result, oil and gas industry organizations invest significant resources to establish an effective physical security system due to the criticality of their assets.Therefore, this issue has led to further research into automated technology solutions to assist physical security teams [76].A typical physical security system would incorporate multiple security measures to deter, detect, and delay physical security threats while providing sufficient time for the security team to respond.
However, physical security is not a one-step, straightforward process to identify where improvements are required; it requires continual refinement, revision, and monitoring to keep pace with evolving modern technology and rapidly changing environments [77].Furthermore, as the demand for better security infrastructure has grown, the difficulty and challenge of addressing the competing realities of new conditions has intensified.Physical security systems based on new technologies could have weaknesses and account for further research and development to improve their performance.Ref. [71] argue that new technology not only contributes to adequate security but may also create new vulnerabilities.Therefore, the solution calls for switching to an integrated physical security system that utilizes primary security components compared to a legacy and isolated system for assessing, detecting, tracking, and responding to new threats [78].According to [26], in every organization, regardless of size or industry, physical security must be integrated into the culture, as any security measure taken can significantly impact employee safety and the organization's success.
An integrated approach essentially utilizes different technologies to optimize performance.In contrast, traditional systems require security personnel to consistently assess the progressions in various screens, identifying and noting suspicious activities.Unless proper monitoring procedures are in place, these security controls may become obsolete and redundant [79].Furthermore, the company's management should also strive to develop manageable and reasonable protocols, and any protocol that does not meet this test should not be developed [80].Finally, it seems sensible to conclude that an organization's ability to purchase and maintain the necessary technology and equipment predetermines its resilience to physical security threats [78].Therefore, the current study focused on an integrative approach to physical security culture for the introduction of facial recognition technology in a UAE oil and gas company to enhance its physical security system.
However, this approach should not suggest that facial recognition technology will likely displace human power because personnel must monitor and respond to potential threats.For example, the need for human response to alarms and emergencies will continue as long as assets require physical security protection, at least until the day comes when sophisticated robots can take their place, but human judgment is yet to be effectively replicated through high technology [81].Integrating facial recognition technology into the physical security system of the current organization in the UAE should align with the underlying technologies and each organization's function.As a result, an integrated physical security framework is essential for introducing facial recognition technology into the organization's physical security structure.An integrated approach to physical security protection offers improved security coverage with fewer human operators.Indeed, integrated security systems provide a foundation for applying and implementing security policies and frameworks across the entire organizational domain [82].Furthermore, ref. [83] suggest that this approach can offer visibility into how the technological, human, and organizational domains interact.Therefore, an integrated security system will likely provide better performance and viable options than conventional systems.

Managing Physical Security Threats through FRT Integration in a UAE Oil and Gas Company
Preliminary studies have shown that FRT can enhance physical security systems by addressing their vulnerabilities in mitigating physical security threats [32,78,84,85].Furthermore, studies have proven this technology's capabilities in different industries, and its implementation has been skyrocketing [86][87][88][89].With the current trends showing an inclination toward touchless physical security technology, which could be essential in mitigating the risks and challenges brought by the global coronavirus pandemic, integrating facial recognition technology (FRT) into the current UAE oil and gas company's physical security system will offer extensive benefits to the company.Thomas Norman suggests that integration is reached by comprehending an organization's system capacities and combining diverse simple components, which collectively actualize higher functions [90].
The UAE is a pioneer in biometric implementation.In the last decade, it has integrated multiple biometric technologies into critical infrastructure systems, such as border control, to strengthen security and protect its citizens [91,92].Several biometric features, including facial recognition technology, are already used in airports and by the police, which has allowed the UAE government to combat crime and reduce the possibility of security threats.Furthermore, unmanned aerial vehicles (UAVs), also known as drones, are used in UAE law enforcement and field operations to keep up with the latest security technologies [93].For example, the UAE is testing a facial recognition system equipped in a moving police patrol car to detect the presence of wanted persons in public [94].Moreover, the Dubai police were able to arrest 319 suspects in 2019 by integrating FRT with video surveillance [95].As a result, FRT and other biometric features are not new in the Emirate.
Simultaneously, the recent approval in early 2021 by the UAE cabinet, led by Sheikh Mohammed, on facial recognition technology implementation has opened new opportunities to extend to other sectors, such as the oil and gas industry [96,97].Therefore, FRT has become increasingly popular in the UAE, and government officials anticipate that security technology that utilizes artificial intelligence (AI) will enhance the physical security performance of many private organizations [98].In light of these innovations, there is no reason to doubt that FRT will continue to expand in the UAE.On the other hand, many oil and gas companies in Abu Dhabi have not utilized advanced security technologies, such as facial recognition, in their physical security systems.
As recommended by [99] in his study, the future of physical security must embrace advanced technology to remain competitive with the ever-changing threat landscape spawned by the digital revolution.However, reviewing the entire Abu Dhabi Safety and Security Planning Manual, it is clear that facial recognition technology is not an essential aspect of physical security [100].However, the document recommends promoting the use of active systems following a risk assessment for safety and security [100].Therefore, introducing FRT into the overall physical security system in the UAE oil and gas company will offer a platform for the adoption of an enterprise-class security model's inherent simplicity, which will result in lower maintenance costs and improved convenience.Particularly with the global coronavirus pandemic, the manual identification and authentication of individuals by security officers has become more challenging.
Moreover, this technology could protect against physical security threats when other methods cannot deter and detect them and enhance the effectiveness of different physical security measures.Unlike access control cards or most other methods, FRT minimizes the risk of tailgating, impersonation, stolen access cards, and other threats related to unauthorized access [101].While such cards are theoretically sufficient, if a card is stolen, an unauthorized individual may be able to access restricted areas [6].According to [102], the critical element in designing an organization's physical protection system is the site entrance, which insiders can cross without any detection due to their authorized access, and outsiders utilize counterfeit authorization techniques, including impersonation and stolen access cards, to gain access.
Furthermore, the existing physical security controls often do not provide effective instruments to prevent impersonation in most organizations.For example, an access control card could be stolen or lost, enabling perpetrators to enter restricted areas and incur substantial losses to an organization [103].On the other hand, facial recognition technology offers a higher level of security because it makes impersonation highly unlikely [104].Similarly, fingerprint technology seems more secure from this perspective.At the same time, it could be circumvented with the help of artificial cloning of known fingerprints, severed fingerprints, and even fingerprints of authorized employees who are forced to help criminals enter secure areas [105,106].However, the onset of the Covid-19 epidemic led to a steep fall in the market for contact fingerprint scanners, leading organizations to shift focus to the development of contactless verification technologies and the improvement of facial recognition technology [107].In this situation, the oil and gas industry of Abu Dhabi requires a more sophisticated recognition method.
In the past few years, there has been considerable growth in facial recognition detection and analysis development and adoption technologies, which has led to the identification of critical biometric elements used within facial recognition technology [108].The use of FRT can assist in the identification of individuals gathered at a point of emergency assembly.It is possible, for example, to locate persons who did not reach an emergency assembly point with a CCTV surveillance system with FRT integration [109].In contrast to using CCTV surveillance alone, this integration would allow an incident management team (IMT) to dispatch response teams as soon as possible at the missing persons' exact locations identified through real-time tracking to protect them [6].Furthermore, the emergency response process in physical security is typically reactive, such as reacting after an incident occurs, where time is crucial, rather than proactively mitigating risks [110].
The available evidence provides a compelling reason to believe that the verification and authentication processes based on FRT are more accurate than those based on other technologies [111].For example, while the best FRT algorithm in 2014 had an error rate of 4.1%, recent applications display accurate rates of 99.97% [112].The main reason behind the superior capability of FRT solutions to track individual movements is connected with its ability to verify a persons identity early [111], which allows security officers to analyze the behavior of individuals the entire time they are on the company's premises.As a result, it seems reasonable to conclude that facial recognition technology allows organizations to track and identify criminal activities on a premise, simultaneously alerting them to necessary precautionary practices [113].
Finally, facial recognition technology could be instrumental in monitoring employees' time attendance.For example, buddy punching or beating the time clock could adversely affect organizations [114][115][116].The use of facial recognition technology would prevent such scenarios, as an organization would be able to make sure that the time attendance of all the employees is accurately processed.Several organizations have already implemented attendance management systems based on FRT [117,118].However, while these facial recognition technology elements have proven their effectiveness, it might not be enough to fully address this technology's implementation amidst the global outbreak of the COVID-19 pandemic, wherein people are required to wear face masks and other face covers to protect themselves.Nevertheless, FRT utilization could provide significant relief, as it has effectively enhanced security in many sectors, such as public administration, banking, and air travel [91,119].This is especially true of recent data that show that facial recognition applications' success rate in identifying persons' identities is around 95% for people wearing masks and 99.5% for people without them [120].Furthermore, the COVID-19 pandemic has led to the adoption of touchless technologies that effectively reduce the risks associated with spreading the pandemic while maintaining the required security levels.According to a new study by [121], globally, the biometric technology market size is projected to reach USD 137.5 billion by 2030, growing at a CAGR of 13.05% between 2022 and 2030.

The Conceptual Framework of Integrative Physical Security Culture
The main concept was depicted by [23] and provided an overview of the key concepts in designing this study's conceptual framework.Since it was crucial to investigate the physical security in the present organization to understand the gaps existing in its various measures, selecting this framework was ideal as it is characterized by an attempt to conceptualize physical security culture in an integrative approach by measuring it as a whole and describing its various dimensions.
For example, in their research, [23] discussed physical security culture from a perspective that brought physical security threats, external factors, and physical security culture domains together.Its approach, therefore, allows for the development of a more nuanced understanding of physical security and analysis of it as a system [20].Therefore, with the help of this concept, the study was able to position facial recognition technology within the existing system, examine its interrelationships with other domains of physical security culture and investigate its functionality and influence on physical security performance.
The conceptual framework shown in Figure 1 was constructed because the study focused on the relationship between physical security culture, physical security performance, and the potential of integrating FRT.Therefore, the framework demonstrates the connection between the research variables across the physical security culture and the research hypotheses.The first hypothesis examines the relationship between the physical security culture and the organization's physical security performance.The second hypothesis focuses on the relationship between facial recognition technology efficiency and FRT integration into the organization's physical security.Furthermore, the third and fourth hypotheses determine the relationship between physical security threats, external factors, and physical security performance.The final hypothesis examines the relationship between facial recognition technology integration and the physical security performance at the organization.
In this framework, external factors, which have a significant role in the [23] model, are presented by perceived national legal systems, political stability, economic status, cultural and social background, and technological advancement.External factors were quantified in the study based on respondents' perceptions.Similarly, physical security threats were presented by stolen identification cards, theft of documents, unaccounted visitors, employee time theft, and unauthorized access.Respondents' evaluations were quantified using a five-point Likert scale.However, the physical security threats and external factors on hypotheses three and four were used to get the respondents' perceptions on the relationship with the organization's physical security performance.
Therefore, applying this framework in the current study would allow for the investigation of these changes in detail, covering explicit and implicit transformations.Furthermore, the literature suggests that the physical security culture plays an essential role in all the processes related to physical security [18][19][20]22,23].
ternal factors on hypotheses three and four were used to get the respondents' perceptions on the relationship with the organization's physical security performance.
Therefore, applying this framework in the current study would allow for the investigation of these changes in detail, covering explicit and implicit transformations.Furthermore, the literature suggests that the physical security culture plays an essential role in all the processes related to physical security [18][19][20]22,23].

Methodology
Some researchers have argued that understanding research philosophy can help researchers explain their study designs [122].This indicates that the general framework of the research comprises the sorts of evidence obtained on a particular topic related to the problem under investigation, how they were acquired, and how they would be analyzed.This study's primary goal was to investigate the potential of facial recognition to address reported security gaps within the physical security system of the UAE oil and gas company.Therefore, to achieve this goal, it was necessary to examine the relationship between the physical security culture and the performance of physical security and explore the relationship between facial recognition technology efficiency and its integration into the physical security system.Additionally, it was necessary to investigate how physical security threats and external factors affect physical security performance.However, it was shown in the literature review that the amount of information on these matters is insufficient.Therefore, one of the few methods to collect necessary data for conducting this study was to retrieve this information from the employees working at the present company.In this situation, it seemed justified to select critical realism as the main research philosophy of this study.As it is known, critical realism allows scholars to explore reality through the analysis of sensations of research phenomena that are shared by humans while also thoroughly addressing and eliminating the biases that inevitably accompany such sensations [123].

Methodology
Some researchers have argued that understanding research philosophy can help researchers explain their study designs [122].This indicates that the general framework of the research comprises the sorts of evidence obtained on a particular topic related to the problem under investigation, how they were acquired, and how they would be analyzed.This study's primary goal was to investigate the potential of facial recognition to address reported security gaps within the physical security system of the UAE oil and gas company.Therefore, to achieve this goal, it was necessary to examine the relationship between the physical security culture and the performance of physical security and explore the relationship between facial recognition technology efficiency and its integration into the physical security system.Additionally, it was necessary to investigate how physical security threats and external factors affect physical security performance.However, it was shown in the literature review that the amount of information on these matters is insufficient.Therefore, one of the few methods to collect necessary data for conducting this study was to retrieve this information from the employees working at the present company.In this situation, it seemed justified to select critical realism as the main research philosophy of this study.As it is known, critical realism allows scholars to explore reality through the analysis of sensations of research phenomena that are shared by humans while also thoroughly addressing and eliminating the biases that inevitably accompany such sensations [123].

Research Method
Quantitative research methods evaluate specific quantifying parameters of interest [124].According to [125], selecting the appropriate research methodology is pivotal in ensuring effective research based on finding the connection between research objectives and the attributes of available opportunities for collecting the essential insight for a study.The current research aimed to assess the feasibility of integrating FRT into the physical security system in the UAE oil and gas company.Due to the criticality of the issues identified in the research questions and the need to provide concise insight into the correlation between respondents' perceptions and the current practices in the company, this study relied on a quantitative research methodology.A quantitative research methodology enables the assessment and quantification of variables, which is mandatory for examining a causal relationship [126].Therefore, selecting a quantitative research methodology offered a platform for making several estimations through empirical observations that used statistical expressions to define the underlying relationships in the research questions [125].The author employed a survey strategy in a self-administered questionnaire in this study.The author chose this strategy because surveys are standardized in that respondents are asked the same questions phrased in the same manner, whereas alternative approaches lack this consistency.A survey approach is a quantitative technique in which a researcher asks preset questions to a large group or a random sample of individuals [127].Therefore, the approach effectively supported the collection, analysis, and presentation of findings on the research problem.

Survey Instrument Development
The questionnaire used in the study was developed based on the literature review's findings.Ref. [128] addressed that when researchers seek to collect opinions and sentiments from a large sample, they prefer to create carefully structured and pre-tested questionnaires as a convenient method.The survey questionnaire used in this research included questions about the company's physical security culture, the projected efficiency of facial recognition technology, the reported significance of physical security threats and external factors for the organization, and the physical security performance and facial recognition technology integration at the organization.As [129] explain, a security survey's purpose is to determine an organization's current security status, identify any deficiencies, and make recommendations to enhance the organization's security.The quantification of all the variables was conducted with the help of Likert's five-point scale.This scale is one of the most popular methods to quantify survey variables and has been successfully applied in many quantitative studies [130].
The questionnaire had six significant sections that dealt with different aspects of the topic under investigation.The first section of the questionnaire comprised a brief demographic part with questions about the respondent's age, gender, and work experience, which was necessary for analyzing the validity and reliability of this study.The questionnaire's second section included questions about the physical security culture at the company and its elements comprising company policy, security procedures, CCTV surveillance, fingerprint technology, perimeter intrusion detection, traditional physical security controls, access control systems, security officers, and employees' attitudes.The third section focused on the efficiency of facial recognition technology and its integration with the organization's physical security system.The respondents were asked to evaluate the efficacy of facial recognition technology in processing time attendance, preventing unauthorized access, tracking individual movements, verifying and authenticating individuals, and detecting impersonation.In the fourth section of the questionnaire, the respondents were asked about the relationship between physical security threats and physical security performance in the company.Simultaneously, the respondents were asked about external factors and their relationship to the organization's physical security level in section five of the questionnaire.The sixth and final section focused on the projected performance of the organization's physical security after integrating facial recognition technology.The respondents were asked questions to evaluate the company's physical security performance.Questions regarding the quality of physical security response and the detection of unauthorized access were asked.

Study Sample (Size) and Data Collection
All statistical analysis relies heavily on sample size to produce valuable results.Ref. [131] have suggested that a larger sample size is required for more sophisticated statistical analyses.This study utilized structural equation modelling (SEM) to conduct various analyses, and as with other statistical techniques, the adequate sample size is essential for valid conclusions to be drawn [132].Sampling is about choosing from a specific population to draw valid conclusions from research results [133].Therefore, selecting the appropriate sample that is enough to allow the generalization of the whole population is a basis for a quantitative study.While it was suggested by [134] to include a minimum of five participants for each item (indicator), and the sample size for each analysis should not be less than 100 persons.However, a sample size minimum of 200 was recommended by [132,135] to ensure strong SEM analysis results.Simple random sampling was used because it is the basic selection process, easiest to understand, ensures the least bias, and the results can be generalized [136,137].The sampling frame listing all the employees working in the company and their complete details was obtained from the management.
Every other research strategy employs a distinct methodology for data collection and analysis, and each methodology has benefits and drawbacks [138].Among the primary objectives of conducting research is choosing the most helpful strategy.Given the assumptions of a consistent response rate to get the desired sample size, the researcher, following the above recommendations, aimed to achieve more than 200 complete and usable questionnaires.The author selected a self-administered questionnaire as the primary data collection method distributed in-person, owing to its many advantages beyond budget and time constraints [139].A target of 450 questionnaires was set to get the required sample size.However, only 400 questionnaires were distributed to the population due to various challenges, such as enforced restrictions for COVID-19, where the organization was hesitant to provide time out for the completion of surveys, especially when groups of employees gathered to answer questions or restricted access to some high-security zones.A total of 380 questionnaires were received.Among the 380 questionnaires, 371 were complete and usable, 20 employees did not submit the questionnaire, while the remaining nine were incomplete and had inconsistent responses.As a result, the author prepared the next steps for data preparation and analysis with the dataset from 371 samples.

Data Analysis
This section aims to test the research hypotheses developed for the current study by employing various statistical techniques to analyze the quantitative data and present the data analysis findings.The statistical software SPSS version 25 and the structural equation modelling (SEM) Smart-PLS version 3.3.9were used to analyze the responses to the questionnaires distributed to the participants.In addition, demographic analysis and descriptive statistics were conducted before presenting structural equation modelling (SEM) for the study of measurement and structural model analysis within the Smart-PLS [140].
Given the selected approach of distributing the questionnaires in-person to individual participants, 400 questionnaires were handed out compared to the target of 450.As a result, out of 380 questionnaires received, 371 were complete and usable, reaching a response rate of 97.6%, considered an excellent response rate related to studies using a survey method [141], as shown in Table 1.On the other hand, 20 employees did not turn in their questionnaires, and the remaining nine, constituting 2.4% of the unusable questionnaires, were incomplete and had inconsistent responses.

Demographic Features of Respondents
This section presents the respondent distribution for all demographic variables and, as illustrated in Table 2, the respondents were predominantly male, comprising 94.1% of the sample, whereas only 5.9% were female.Therefore, the results imply that most employees working at the selected company are male.In addition, according to the data, 33.2% of respondents were aged 35 to 44, the highest frequency, 24.3% were 45 to 54, and 7.8% were over 55.As indicated by the respondents' work experience results, respondents with four to five years of work experience had the highest frequency of 30.2%, followed by respondents with two to three years of work experience, constituting 29.6%, and respondents with work experience over eight years had the lowest frequency at 3.2%.Since most respondents had four to five years of experience at the organization, this could indicate a moderate familiarity with the physical security system.On the other hand, most respondents had a bachelor's degree, representing 38% of the total, showing a high level of knowledge, followed by some college at 25.6%, and the lowest frequency was among those with a Ph.D. degree, standing at 4.3%.Additionally, "job position" results reveal that employees working at the management level were the most frequent, comprising 29.6%, followed by ordinary staff at 26.1%, and executive management being the lowest frequency, represented by 6.5% of the total respondents, again implying that most of the respondents were knowledgeable.
Furthermore, responses questions regarding the frequency of driving company vehicles revealed that the highest frequency is attributed to respondents who sometimes drive, accounting for 29.4%, followed by those who "rarely" drive, at 20.5%.These results show that 29.1% of respondents drove the company vehicle either often or very often.Responses to the question about security procedures and measures used at the company show that the majority of respondents had a moderate level of familiarity, as represented by 34.2% of the total respondents, followed by responses that were "slightly familiar" at 27%, while 25.3% had a very or extremely high level of familiarity.These results suggest that the collected data had a high content validity as the number of respondents unfamiliar with the security procedures and measures used by the company was small, representing 27% of the total.

Measurement Model
The measurement model specifies the characteristics of the observable variables used to make measurements and the rules that control how latent variables (LV) are measured in terms of the observed variables (items).The initial phase of the study consists of confirming the validity of the measurement model (Figure 2).However, when developing measurement models, paying close attention to the existing relationship between observable (items or indicators) and hidden variables (latent variables) is essential.Confirmatory factor analysis (CFA) is the statistical analysis that confirms the factor structure of a set of observed variables [142].Moreover, this technique allows the researchers to examine the hypothesized relationship between the latent variables and their measurements.Therefore, confirmatory factor analysis was used to evaluate the measurement model's reliability (Cronbach's and composite reliability) and the model's validity (convergent validity and discriminant validity).
Sustainability 2022, 14, x FOR PEER REVIEW 16 The significance of the measurement model may be attributed to the fact that it uates the dependability of the observable variables used in the measurement of the cealed variables.Reliability refers to a measurement instrument's accuracy, consiste and stability over time.When the result is consistent, a conclusion can be drawn tha results are not affected by chance [143,144].This characteristic is known as indicator ability and may be evaluated using outer loadings.Examining the indicator loadin the first step in the reflective measurement model evaluation process.This is followe analyzing the internal consistency reliability via composite reliability and the conver validity of each construct measured by average variance extracted (AVE) for all item each construct.The outer loadings must be at least 0.708 or higher as a general rule [ and based on the results, all loading was above 0.7 and ranged between 0.744 to 0 Table 3.
On the other hand, a Cronbach's alpha test was performed at this early stage of The significance of the measurement model may be attributed to the fact that it evaluates the dependability of the observable variables used in the measurement of the concealed variables.Reliability refers to a measurement instrument's accuracy, consistency, and stability over time.When the result is consistent, a conclusion can be drawn that the results are not affected by chance [143,144].This characteristic is known as indicator reliability and may be evaluated using outer loadings.Examining the indicator loadings is the first step in the reflective measurement model evaluation process.This is followed by analyzing the internal consistency reliability via composite reliability and the convergent validity of each construct measured by average variance extracted (AVE) for all items on each construct.The outer loadings must be at least 0.708 or higher as a general rule [145], and based on the results, all loading was above 0.7 and ranged between 0.744 to 0.928, Table 3.On the other hand, a Cronbach's alpha test was performed at this early stage of data analysis to ensure all constructs had acceptable Cronbach's alpha scores before applying other statistical methods, such as factor analysis and structural equation modeling (SEM).However, this method is susceptible to the number of items on the scale, which could result in an underestimation of internal consistency reliability.Nevertheless, a value of 0.7 and above is considered acceptable.Table 3 indicates that Cronbach's alpha scores for all individual constructs range from 0.846 to 0.931.Hence, all were above the recommended level of 0.7 [137,139,143,146].In addition, composite reliability (CR), a distinct internal consistency reliability assessment, was used to measure internal consistency based on the interrelationships between observed items.This type of reliability considers the various outer loadings of the indicator variables, according to which a CR of greater than 0.7 is acceptable [147].The composite reliability (CR) results, shown in column 5 in Table 3, ranged from 0.907 to 0.946, which was above 0.7, indicating an acceptable value for the reliability of all variables.
Furthermore, convergent and discriminant validity are tests performed during the measurement model's testing phase.The convergent validity was examined using a reflective construct since all research variables in this study were reflective constructs.Convergent validity refers to how the new scale relates to other variables and measures of similar construct, which could be considered a subclass of construct validity [148].Therefore, the average variation extracted (AVE) metric, which is used to assess the proportion of explained variation by indicators in comparison to measurement errors, receives support from the concept of convergent validity.Based on this concept, it is possible to evaluate the convergent validity of the constructs by calculating the average variance extracted (AVE).This method attempts to quantify the amount of variation that a latent variable component retrieved from its indicators compared to the amount due to measurement.It is proposed that the minimum ideal level of average variance extracted (AVE) be 0.5 to ensure a reasonable degree of convergent validity [147,149,150].According to the research results in Table 3, the AVE varied between 0.628 and 0.825, confirming their contribution to related constructs.
Consequently, establishing discriminant validity denotes that a construct is distinct and includes occurrences not covered by other constructs in the model [151].Three criteria can be used to evaluate the discriminant validity of a model, including the Fornell-Larcker criterion [149], the heterotrait-monotrait ratio of correlations (HTMT) criterion, and the cross-loading criterion.According to [149], if the square root of AVE is bigger than the correlations between the latent variables, the two constructs are said to be discriminant.Table 4 represents the results of the square root of each construct's AVE, which were greater than the correlation of latent variables, indicating that the constructs were strongly related to the corresponding indicators.However, some methodological experts have criticized the Fornell-Larcker criterion for assessing discriminant validity.As a result, ref. [152] proposed an alternative approach based on the multitrait-multimethod matrix to assess discriminant validity: the heterotraitmonotrait ratio of correlations (HTMT).According to [137], to distinguish between the two structures, the HTMT value must be smaller than 0.90.Therefore, the HTMT values for each construct covered by this investigation are displayed in Table 5.The constructs consequently showed adequate discriminant validity since all values were below 0.9.Moreover, this study used a third method, cross-loading criteria, to assess discriminant validity at the item level by row and column.This approach seeks to ascertain if indicators (items) loading on a particular latent construct should be greater than the loading on all other associated constructs [153,154].While the Fornell-Larcker criterion measures discriminant validity on a construct level, the cross-loadings facilitate this assessment on an indicator level.Based on Table 6, the loading of each indicator was more significant than all of its cross-loadings, which indicates that the measuring model's constructs construct by row and column.This demonstrates that each construct exhibited a high level of unidimensionality, thus sufficient discriminant validity.

Assessing the Structural Equation Model
Structural equation modeling was applied to assess the research hypotheses.According to the research framework in the path model in Figure 3, the effects of physical security culture, physical security threats, external factors, and facial recognition technology integration (as independent variables) on the performance of physical security (as dependent variables) were studied.Besides that, the relationship between facial recognition technology efficiency and facial recognition technology integration was also included in the path model.
The bootstrapping approach was utilized to evaluate the importance of the proposed research hypotheses for the path model.Bootstrapping comprises generating new samples from the existing dataset by randomly resampling them [147].Figure 3 illustrates the evaluation of the standardized path coefficients (β), t-statistics (the ratio of estimated beta value to its standard error), and p-values, the significance of the path model based on bootstrapping.The results consider [155] statement that the p-value identifies whether the effect occurs but does not indicate the magnitude of the effect and the R 2 for each endogenous component.According to the results in Table 7, the effect of physical security culture on the performance of physical security was positive and significant (β = 0.163, p < 0.001).Similarly, facial recognition technology integration had a positive and significant effect on the performance of physical security (β = 0.241, p < 0.001).Results also show that the effect of physical security threats on the performance of physical security was positive and significant (β = 0.120, p = 0.006).The last exogenous variable was external factors, and results indicate that external factors had a positive and significant effect on the performance of physical security (β = 0.254, p < 0.001).Furthermore, the results show that facial recognition technology efficiency had a positive and significant relationship with facial recognition technology integration (β = 0.540, p < 0.001).
Since there were four control variables, including work experience, education position, and knowledge, the path model results show that, except for work experience, other control variables had a significant relationship with physical security performance.On the other hand, the relationship between job position and performance of physical security was positive and significant (β = 0.155, p < 0.001), which means a higher level of job position tends to have a higher performance of physical security.Likewise, the educational level also had a positive and significant relationship with the performance of physical security (β = 0.106, p = 0.002), indicating that respondents with higher education levels had a compelling performance of physical security.Furthermore, the results also show a positive and significant relationship between the knowledge level and physical security performance (β = 0.123, p < 0.001).According to the results in Table 7, the effect of physical security culture on the performance of physical security was positive and significant (β = 0.163, p < 0.001).Similarly, facial recognition technology integration had a positive and significant effect on the performance of physical security (β = 0.241, p < 0.001).Results also show that the effect of physical security threats on the performance of physical security was positive and significant (β = 0.120, p = 0.006).The last exogenous variable was external factors, and results indicate that external factors had a positive and significant effect on the performance of physical security (β = 0.254, p < 0.001).Furthermore, the results show that facial recognition technology efficiency had a positive and significant relationship with facial recognition technology integration (β = 0.540, p < 0.001).Since there were four control variables, including work experience, education position, and knowledge, the path model results show that, except for work experience, other control variables had a significant relationship with physical security performance.On the other hand, the relationship between job position and performance of physical security was positive and significant (β = 0.155, p < 0.001), which means a higher level of job position tends to have a higher performance of physical security.Likewise, the educational level also had a positive and significant relationship with the performance of physical security (β = 0.106, p = 0.002), indicating that respondents with higher education levels had a compelling performance of physical security.Furthermore, the results also show a positive and significant relationship between the knowledge level and physical security performance (β = 0.123, p < 0.001).
The R square value is the proportion of the dependent variables' variance that can be accounted for by the independent variables, otherwise recognized as the coefficient of determination or the coefficient of multiple determination for multiple regression.The Smart-PLS algorithm function was used to calculate this study's R 2 values (Table 8).Ref. [156] have suggested that, for the explained variance of a particular endogenous construct to be considered adequate, R 2 values should be equal to or greater than 0.10.The adjusted R 2 for facial recognition technology integration as an endogenous variable in the model was 0.290.Ref. [157] has stated that R 2 is significant if it exceeds 0.26, which means that 29% of facial recognition technology integration changes among respondents can be explained by facial recognition technology efficiency as a single independent variable.On the other hand, the adjusted R 2 for the physical security performance as the main dependent variable in this model was 0.780, indicating 78%, and could be explained by all exogenous variables, including physical security culture, facial recognition technology integration, physical security threats, external factors, and four control variables including work experience, education, position, and knowledge.

Discussion on Findings
The study's main goal revolves around determining whether there is a relationship between physical security culture and the performance of physical security, the efficiency of facial recognition technology and its integration with the physical security system, physical security threats and the performance of physical security, external factors and the performance of physical security, and FRT integration and physical security performance.Therefore, the discussion section aims to answer all these relationships and demonstrate how the study's findings contribute to the existing knowledge of the problem under investigation.

The Relationship between Physical Security Culture and the Performance of Physical Security in the Company
Several studies have pointed to the significance of organizational culture for strengthening organizational resilience to physical security threats, as it not only directly affects organizational security policies but also influences employees' behavior in many domains that are relevant to physical security [5,24,[158][159][160][161].Results of the multicollinearity analysis indicate that the physical security culture has a low VIF value (3.077) which is significantly lower than the cut-off value of 10. Results of hypothesis testing indicate that the effect of physical security culture on the performance of physical security is positive and significant (β = 0.163, p < 0.001).Since the p-value is lower than 0.001, illustrating that a relationship between the variables is statistically significant, and lower than the beta-value of 0.163, the results suggest that a one-unit increase in the physical security culture is likely to induce a one-point increase in reported physical security performance.An effective organizational culture strengthens a firm's resilience toward external threats, including physical security ones, and simplifies the implementation of effective instruments for the protection of key assets and resources [162].
Based on the study's results, it seems justified to conclude that a physical security culture turned out to be an important driver of physical security performance at the company.
Moreover, the information analyzed in the literature review provides a compelling reason to believe this culture plays a major role in ensuring a high level of physical security in oil and gas facilities [24,60,163].In particular, one might presume that the physical security culture could reduce uncertainties related to a security system [164].At the same time, many studies imply that a significant relationship could exist between these variables [24,60,[163][164][165][166][167][168].Another valid assumption is that the facility's physical security culture helps integrate personnel, information, administrative, technological, and physical security domains, as suggested by [168], thus increasing the overall level of protection.

The Relationship between Facial Recognition Technology Efficiency and Its Integration with the Company's Physical Security System
There is a consensus among scholars that facial recognition technology is an example of a biometric technology that could be highly effective in upgrading physical security systems and protecting organizations' critical assets from physical security threats [103,109].The literature offers many insights into the efficiency of facial recognition technology.For instance, ref. [169] argue that applications utilizing facial recognition technology could be highly effective for detecting intruders in high-risk areas, thus protecting critical organizational assets from physical security threats.Moreover, ref. [170] insist on implementing biometric technologies into the physical security systems of oil and gas facilities to prevent human errors, which often magnify the security risks these organizations face.Considering the multitude of findings on the efficiency of facial recognition technology, it is not surprising that participants of the research view facial recognition technology as a valuable security solution that can address pressing security threats that the company under study faces.
Statistical tests show a positive and significant relationship between the reported efficiency of facial recognition technology and its integration into the existing physical security system.The p-value for the relationship is less than 0.001, which is below the significance level of 0.05.Furthermore, the beta coefficient for the regression is 0.540.In other words, a one-unit increase in the reported efficiency of facial recognition technology results in a corresponding increase in the ease of integrating FRT into the physical security system by 0.540.A relationship between the reported efficiency of facial recognition technology and its integration with the existing physical security system could be approached from both the technological and human perspectives of physical security culture.For example, many studies have mentioned the importance of improving the education of security officers to increase their competence and qualifications, thus preparing them for the application of modern security measures, such as facial recognition technology [76,158,171].At the same time, it could be inferred from the findings of this study that officers' perceptions of the efficiency of new security measures, such as facial recognition technology, could also be instrumental in facilitating their integration into the organization's physical security system.

The Relationship between the Perceived Physical Security Threats and the Performance of Physical Security in the Company
The notion of facial recognition technology integration with the current company's physical security system is based on the assumption and evidence that several physical security gaps exist due to legacy technology currently in use despite inefficiency in detecting and deterring some physical security threats.As a result, the researcher anticipates that the introduction of facial recognition technology will improve the company's assets from pressing physical security threats, thereby increasing the facility's overall performance of physical security.Physical security systems are usually created in light of organizations' existing and potential risks [164].Moreover, many physical security controls are specifically adjusted to respond to physical security threats that other measures cannot effectively address [167,172].As such, it is not surprising that there is a statistically significant relationship between the variables.
Both the variables have high Cronbach's alphas (0.911 and 0.846 for physical security threats and physical security performance, respectively).Therefore, removing any of them is unnecessary before running statistical tests.Results of the regression analysis show that there is a positive and statistically significant relationship between the reported significance of physical security threats and the reported performance of physical security at the company.The p-value for this regression is 0.006, which is higher than the p-values for most other regressions.Furthermore, the beta coefficient for the relationship between these variables is 0.120.In other words, a one-point increase in the reported significance of physical security threats results in a slight increase in physical security performance.Therefore, it is sensible to argue that the promotion of physical security culture requires a thorough understanding of physical security threats and their implications.
For example, the OCTAVE Allegro framework introduced by [173] explicitly addresses 40 security risks facing smart homes in order to deploy customized solutions to prevent each security risk.Additionally, the dataset [102] used in their study consisted of 373 securityrelated incidents from industrial facilities in the oil and gas sector, where a range of complementary synergistic tools was applied to the structured analysis.Furthermore, in the study by [166], which is dedicated to the methods and techniques for improving the physical security of critical infrastructures, the proposed two-phase security approach took into account 27 parameters related to the significance of various threats, such as the failure rate of certain controls, the number of attackers, the number of security officers on certain points, and many others.

The Relationship between the External Factors and the Performance of Physical Security in the Company
The academic literature has given insightful knowledge on the plethora of external factors that influence the performance of an organization's physical security.The literature review's findings illustrate that external factors are relevant for the evaluation of the protection of organizations' assets from physical security threats.Unfortunately, none of the studies analyzed in the literature review section, except for the one by [62], directly describes the impact of various external factors on physical security performance.At the same time, the need to consider external factors when designing and implementing physical security strategies has been articulated by many scholars, including [109,163,174,175], and many others.
Results of the multicollinearity analysis indicate the VIF value of 1.98 for external factors.Therefore, measurements of the model's variability and reliability showed that the researcher could examine a relationship between the variables.It could be inferred from the study's results that the reported significance of external factors from the physical security perspective plays a significant role in shaping the company's physical security performance.The p-value for the relationship between the variables is below 0.001, while the beta coefficient is 0.254.A one-point increase in the reported significance of external factors, therefore, results in a slight increase in the level of physical security performance at the company.
External factors often do not directly influence the performance of various physical security controls and the significance of physical security threats, but they create a context in which a relationship occurs between them and physical security controls.For instance, political factors are a primary reason behind the growing attention of relevant stakeholders towards physical security at oil and gas facilities and other objects of critical infrastructure in the Gulf region owing to the importance of the petroleum industry for the progressive development of Gulf Cooperation Council (GCC) countries [92,176].Therefore, external factors could potentially increase the significance of specific physical security threats, draw the attention of stakeholders toward particular risks, and contribute to the development of new physical security controls.

The Relationship between Facial Recognition Technology Integration and Physical Security Performance in the Company
Refs. [103,109,119] and many other scientists state that applications based on facial recognition technology are highly effective in preventing physical security threats by introducing a new layer of protection that is not characterized by the inherent flaws of other controls.Furthermore, unlike most other measures, facial recognition technology can be used for various purposes and settings, allowing security officers to process attendants quickly and identify intruders [30,109,119].Furthermore, ref. [97] recommends that organizations replace their old security techniques with technology based on facial recognition because these instruments have superior performance in access control, especially in mitigating unauthorized access.Therefore, this technology's potential to improve the physical security performance of the company is evident.
The results of the model's measurement and the validity and reliability analyses indicate that the relationship between these two variables can be examined using relevant statistical tests.The relationship between these variables was positive and statistically significant (β = 0.241; p-value < 0.001).In other words, a one-point increase in the integration of facial recognition technology leads to a corresponding increase in physical security performance by one point.In this situation, integrating FRT into the physical security system of the company should be considered a chance to reshape the entire physical security framework in a way that redefines the role of various measures and allows the organization to increase the physical security performance significantly.As a first step toward achieving this goal, the company's management must integrate FRT seamlessly with existing physical security controls, which might prove challenging.Ref. [177] have stated that the achievement of this goal requires a clear definition of "zones of responsibility" for each physical security control and the rules for using them, while [178,179] insist on the need to design holistic physical security frameworks that consist of different protection layers.Therefore, if the company manages to create such a holistic multi-level system, it is likely to leverage the impressive capabilities of FRT to improve its physical security performance.

Limitations and Future Research
The first and most significant limitation is that this study relied upon perception data.Given the sensitivity of the topic under investigation, obtaining data on specific physical security threats that impact the organization was impossible.Therefore, the primary source of data was the employees working in the company.As a result, the respondents may have provided general information about physical security without clarifying the company's particular threats.This inability to compare the study's results to a true comparison of current threats impacting the organization makes for a significant limitation on the implications of this research as the data only focused on the employees' perceptions.Nevertheless, it is common for researchers to use perception data to evaluate physical security performance [180,181].In future studies, researchers may attempt to obtain specific threats to the selected research institution to understand better the impacts of different physical security threats.
The second limitation was that the researcher did not have extensive knowledge of the current physical security threats that impacted the selected company.Furthermore, given the study's sensitivity, the company was not ready to share critical information about recent vulnerabilities.Therefore, a limited number of physical security threats that are common to oil and gas industries in the MENA region were selected from the literature review.However, it is crucial to consider all the possible physical security threats that face the organization under study if researchers wish to generalize the results to encompass the global oil and gas industry.For example, the dataset [102] used in their study consisted of 373 security-related incidents from industrial facilities in the oil and gas sector, where a range of complementary synergistic tools was applied to the structured analysis.Therefore, the lack of vast knowledge of current physical security threats facing most organizations limited the generalizability of the study to the MENA region.
Finally, data for the current study were collected during the global pandemic, COVID-19, when many employees were relegated to quarantine or to work remotely.Thus, it is reasonable to assume that the participants had fewer experiences and encounters with physical security threats at the organization than when most were on-site during "normal" conditions.In this regard, this is considered a limitation of the study.However, It is important to note that despite the potential impact of COVID-19 conditions on the survey, the results of this study remain unaffected.Future research could attempt to conduct the same study without COVID-19, which would provide helpful information about resilience towards various physical security threats.Although this study provided many positive aspects concerning the applicability of facial recognition in the oil and gas industry to enhance physical security resilience to threats, addressing the above limitations could provide more exciting results for future studies.

Conclusions
All five hypotheses have been confirmed in the current study.The study's results reveal a positive and statistically significant relationship between the physical security culture and physical security performance, facial recognition technology efficiency and its integration within the physical security system, physical security threats and physical security performance, as well as external factors and physical security performance.Moreover, a positive and statistically significant relationship existed between facial recognition technology integration and physical security performance.Furthermore, the literature review confirmed the study's findings regarding the problem under investigation.
The fact that the reported significance of both external factors and physical security threats was found to affect physical security performance could be explained by the positive influence of these variables on the organization's readiness to protect its assets using modern physical security controls and the potential impact of employees' knowledge on physical security performance.In addition, external factors also stimulate oil and gas facilities similar to the company investigated to adopt new technologies that could be highly effective in addressing security risks.
The study confirmed that FRT could be a valuable touchless technology that could be integrated into the existing physical security system of companies operating in the oil and gas industry.Furthermore, its successful integration into the physical security system can introduce a new layer of protection by addressing critical limitations of other security controls, such as CCTV surveillance, access control systems, and fingerprint technology.At the same time, it was found that the success of this integration strongly depends on several employee-related parameters.In particular, employees' belief in the efficiency of facial recognition technology strongly affects its integration with other controls, which could be explained by the elimination of employees' resistance to change and their willingness to embrace the new technology.As a result, security experts, practitioners, and scholars could further research the applicability of this technology to address more sophisticated threats in the oil and gas sector.
However, the technology's efficiency also depends on the benchmark data used in training the algorithms, meaning the more effective a system is, the more data sets are needed, and this trend may significantly impose upon the employees' privacy and daily routines [182].Therefore, the company's management should also strive to develop manageable and reasonable protocols that address privacy issues, and any protocol that does not meet this test should not be developed [80].This requires the management to establish a privacy policy that explains that facial template information is collected for security purposes, how this information is currently being used, and what physical security procedures and regulations are in place to safeguard this data [183].The process of facial recognition passes through the stages of capturing a face's picture, reading the face's geometry, comparing the facial signature to a database, and determining an individual [108].All these processes might be completed quickly to facilitate the verification and authentication of individuals.
The present study provides much-needed empirical data for the enhancement of the effectiveness and reliability of integrated physical security systems to assuring adequate protection levels, which is the first contribution of the study.The awareness illuminated by the study contributes to the body of knowledge regarding the implementation of novel security technologies, such as facial recognition technology, in the oil and gas industries, specifically for the Middle East and North Africa region.This is notable given the increased adoption of modern touchless security technologies following the Covid-19 pandemic, limiting physical interaction and queuing or gathering.While the existing literature offers some insights into facial recognition technology [85,184,185], these insights are general and hardly consider oil and gas companies' specific challenges in the Middle East and North Africa region.Therefore, the current study's results serve as a foundation for future research into the concept of facial recognition technology integration in the oil and gas industries.
The second contribution is related to the practical implantation of FRT.While many organizations in other sectors, such as airports and law enforcement agencies, have tapped into the benefits of this novel technology, many oil and gas facilities in Abu Dhabi have not implemented advanced security technologies, such as facial recognition, in their physical security systems.A company's decision to implement protective measures is determined by whether it believes the solution is practical, has a positive attitude toward the protection, and considers itself responsible for its security [186].However, since physical security threats and vulnerabilities are different in each industry setting, organizations should take considerable time to understand any significant physical security threats prevailing in such an industry at that particular time to integrate security technology that addresses these vulnerabilities effectively.According to [165], a physical security culture could be instrumental in mapping physical security elements toward creating a holistic physical security system capable of responding effectively to physical security threats.As a result, security specialists, scholars, policymakers, regulatory specialists, and corporate managers may use this study to support the development of further research into facial recognition technology integration in the oil and gas industries rather than in airport settings, which has the prospect of widening the knowledge of the technology's applicability.

Figure 1 .
Figure 1.The conceptual framework of integrative physical security culture.

Figure 1 .
Figure 1.The conceptual framework of integrative physical security culture.

Table 2 .
Frequency distribution of demographic characteristics.

Table 3 .
The result of convergent validity.
PSC: physical security culture, PSP: performance of physical security, FRTE: facial recognition technology efficiency, PST: physical security threats, EF: external factors, FRTI: facial recognition technology integration.
Bolded numbers are the square root of AVE, PSC: physical security culture, PSP: performance of physical security, FRTE: facial recognition technology efficiency, PST: physical security threats, EF: external factors, FRTI: facial recognition technology integration.

Table 6 .
Loading and cross-loading of constructs for discriminant validity assessment.

.861 Bolded numbers are significant loading for each indicator
. PSC: physical security culture, PSP: performance of physical security, FRTE: facial recognition technology efficiency, PST: physical security threats, EF: external factors, FRTI: facial recognition technology integration.

Table 7 .
List of hypotheses and relative paths for a path model.

Table 8 .
Results of coefficient of determination (R 2 ).
PSP: performance of physical security, FRTI: facial recognition technology integration.