Global State of Information Security Survey: Automotive

The fast-growing sources of security incidents in the automotive industry

Security incidents and financial costs accelerate

Advances in telematics, networked manufacturing tools, and sensor-based equipment are transforming how automotive companies produce vehicles and work with business partners. They also have contributed to increased cybersecurity risks. Automotive firms report a 32% jump in detected incidents and a larger surge in financial losses. Employees remain the most-cited culprits, but incidents caused by hacktivists and competitors are rapidly increasing.

Putting the brakes on spending

Despite rising risks, information security spending among automotive companies declined in 2014. One explanation may be that some organizations are shifting vehicle security responsibilities, and security budgets, from IT to the research and development and design divisions.

The road to the Internet of Things

Individual automobiles, automotive operational systems, and IT are increasingly interconnected, which can increase risks to data security, privacy, and even human safety. Many businesses have begun the race toward the Internet of Things by offering telematics and real-time vehicle diagnostics, but have not implemented security safeguards for these services. What's more, managing risks will become increasingly challenging as more electronic data is shared among more partners and manufacturers.

Rising third-party risks

Assessing the security practices of connected business partners will become more important as the Internet of Things expands. Already, we have seen an uptick in threat actors who leverage connected business ecosystems and supply chains to access automotive companies' networks and data. Yet we found that many respondents do not have the due diligence processes, technologies, and people skills in place to address these sophisticated threats.

Gains in strategic safeguards

Despite declines in certain security practices, some organizations show progress in adopting fundamental security initiatives. More companies have hired a Chief Information Security Officer, for instance, and have taken steps to improve communications and create a top-down culture of security. We also found an increasing commitment to sharing information about security intelligence with external organizations.