The Global State of Information Security® Survey 2016

Automotive summary

Many automotive organisations are taking action to bolster their cybersecurity and privacy capabilities, according to The Global State of Information Security® Survey 2016. They are strengthening cybersecurity programmes by implementing technologies such as cloud-based cybersecurity, Big Data analytics and advanced authentication.

On-ramp to the Internet of Things

The connected automobile is rapidly becoming a high-profile example of the Internet of Things (IoT) technology. In fact, automotive organisations are already deeply involved in technologies and services that link vehicles to their operational and IT systems. Risks are also on the rise: The survey found that security compromises to components that underpin the IoT—including operational systems, embedded devices and consumer technologies—more than doubled in 2015. More than two-thirds of survey respondents have an IoT security strategy in place or are implementing guidelines.

Addressing threats from within

Employees were cited as the leading source of compromise. They are not the only source of rising insider threats, however. This year, more than two-thirds of respondents attributed security incidents to business partners such as supply chains and resellers, which often have trusted access to an organisation’s internal networks and data. Many automotive organisations are leveraging Big Data analytics built on cloud architecture to monitor for suspicious user activity and address these insider threats.

Intensifying regulatory scrutiny

The potential for new regulatory oversight is a key concern for many automotive executives. Organisations should prepare by closely following regulatory developments in order to update internal compliance controls, processes and monitoring capabilities. Another way to improve regulatory compliance programmes is increased Board participation in cybersecurity issues, according to survey respondents.

The Global State of Information Security® is a registered trademark of International Data Group, Inc.