A new study has revealed that 73% of procurement executives in the automotive industry are concerned about the cybersecurity of third-party providers, even though just 44% of them reported that their own organisations oblige upstream providers to implement cybersecurity measures for their products. The study, Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Risks, also discovered that 30% of the organisations surveyed have no established cybersecurity programme or team in place. Furthermore, a majority (63%) test fewer than half of the automotive technology they use for security weaknesses.
Supply relationship management in the automotive industry is far from straightforward. Automotive supply chains tend to be long and intricate. A single break in the chain at a relatively minor, tier 3, single-part producer can have disastrous consequences. The report concludes that a fundamental shift is necessary in favour of implementing holistic cybersecurity measures for the entire supply chain and the systems development lifecycle. This means that procurement pros must accord cybersecurity a higher priority than they currently do, in addition to their other core duties, such as strategic sourcing, cost reduction and category management.
The latest EY Global Information Security Survey (2018-19) found that between January 2017 and March 2018, 1.95 billion records containing personal and commercially sensitive data were compromised. In the first quarter of 2018, the survey clocked 550 million phishing emails issued by a single campaign. EY estimates that the average cost of a data breach in 2018 was $3.62 million.
Commenting on the automotive industry’s cybersecurity weaknesses, J. Scot Sharland, executive director of the US Automotive Industry Action Group (AIAG), which aims to help the industry protect sensitive data with unified cybersecurity guidelines for its trading partners, said: “Over the course of the past 25 years, we have seen a remarkable shift in enterprise value from tangible to intangible assets. Data is the new currency. As such, more effective command and control of data has become an enterprise risk management priority.”