An overwhelming majority of automotive professionals fear their organizations are not keeping up with cybersecurity, according to a new study by Synopsys, Inc. and SAE International, and protocols are lacking.
“The proliferation of software, connectivity, and other emerging technologies in the automotive industry has introduced a critical vector of risk that didn’t exist before: cybersecurity,” Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group, said. “This study underscores the need for a fundamental shift—one that addresses cybersecurity holistically across the systems development lifecycle and throughout the automotive supply chain. Fortunately, the technology and best practices required to address these challenges already exists and Synopsys is poised to help the industry embrace them.”
The report, titled Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices, found that 84 percent of professionals lack faith in their organizations’ cybersecurity practices. Further, 63 percent of organizations test less than half of their automotive technology for potential security vulnerabilities, more than 50 percent of respondents believe not enough money is being allocated to security, and 30 percent of organizations don’t even have an established cybersecurity program or team.
The survey targeted global automotive manufacturers and suppliers as conducted by a commissioned IT security research company, the Ponemon Institute. They surveyed 593 people in all, examining current cybersecurity practices and the industry’s ability to address security risks in connected vehicles.
By their findings, proactive cybersecurity testing is not prioritized by the automotive industry, and to some degree, this might be because the pressure to meet product deadlines is greater than the fear of cyber attacks. This issue does not just affect manufacturers. The study showed that 73 percent of respondents worry about the cybersecurity aspects of third-party suppliers, especially since only 44 percent of respondents noted organizational efforts to impose cybersecurity requirements on those suppliers.