
From digital dashboards and keyless car unlocking to remote maintenance: drivers are experiencing digital connectivity in the automotive industry from the end customer's perspective, while a number of other technological transformation processes are taking place in the background.
For the entire sector, increasing digital networking means a radical change, and the threat situation is intensifying. Protection against cybercrime is taking centre stage due to the increasing number of connected vehicles. The most important question: How can security be increased as quickly as possible and holistic risk management implemented in the long term? We answer this question in our latest publication.

One thing is clear: The automotive industry is confronted with various threats, ranging from data and property theft to disruptions to manufacturing processes. It is also clear that data protection and security are important criteria for customers when making purchasing decisions. However, the industry lacks standardised measures for assessing the level of cyber security maturity.

Our authors first analyse the status quo of the cyber security situation in the automotive industry before going on to discuss the various tasks and the most important areas of action for companies that follow from it. They also provide insights into KPMG cyber security projects.

Improved cyber security: what to focus on now

Utilisation of resources

A combination of internal and external resources makes it possible to create sufficient capacity and utilise existing knowledge within the industry. Projects and processes can be implemented based on proven models. In terms of cyber security maturity, models are already available from associations and government agencies.

Monitoring the cyber security maturity level

Cybersecurity management systems (CSMS) will be essential for OEMs (Original Equipment Manufacturers) and suppliers in the future. Among other things, CSMS maturity monitoring can be used to track whether the requirements of regulatory frameworks are being met.

Use of interdisciplinary teams

Companies should set up interdisciplinary teams that focus on all perspectives - from the engineering level to governance. External service providers are ideal for support. CIOs know which services should remain in-house and which can be outsourced. This also helps in defining a standardised operating model for both sides.

Monitor the changing legal situation worldwide

New requirements from the UNECE (UN Economic Commission for Europe) and the Chinese cyber security regulations show how important it is to keep a close eye on legal changes. Sometimes - for example in China - there is even a risk of losing the local business licence if requirements are not met.

Risk management along the entire supply chain

The UN R155 Directive (part of the UNECE), which is relevant to the automotive industry, refers to the entire ecosystem of manufacturers - including suppliers. Companies must demonstrate how their dependency on suppliers, service providers, vendors and third parties is managed through their cybersecurity measures, frameworks and processes.