Auto industry must gear up its cyber risk approach

Sept. 12, 2024
The stakes are high for organizations that don’t adequately handle cybersecurity, with each cyberattack costing companies an average of $4.45 million per incident.

The rapid pace of technology adoption across industries has significantly increased the rate of cyberattacks. The automotive industry, in particular, has been heavily impacted as it enhances its systems and products with new technology.

In some cases this has led to serious operational setbacks, with dealerships needing to resort to pen and paper during system outages. This raises an important question: If your industry is adopting new technology, are your cybersecurity efforts advancing with it?

The stakes are high for organizations that don’t adequately handle cybersecurity, with each cyberattack costing companies an average of $4.45 million per incident, proving that the more technology a company adopts, the more vulnerable it becomes. In many cases, organizations take a reactive rather than proactive approach to cyber risk, often due to a misunderstanding of cybersecurity or an underestimation of the threat landscape.

In the automotive sector, manufacturers rank cybersecurity as their top external concern. Nonetheless, the industry remains a target for breaches.

A report by Upstream Security revealed that 42% of automotive cyber incidents in 2023 involved service and business disruptions—a 40% increase from the previous year—while data and privacy breaches accounted for 22% of incidents.

The Downside to Driving Past Potential Cyber Risks

From its points of operation (such as dealerships and factories) to the cars themselves, the automotive industry is embracing the latest technology. Most new cars today border on being more computer than machine, with updated technology in digital dashboards, applications, and the car’s operating system. In fact, 97% of automotive manufacturers currently use or are considering using smart manufacturing technology.

While smart technology drives innovation across industries, it also creates new vulnerabilities to cyberattacks—especially with the rise of AI. A recent HP survey found that 35% of organizations have experienced cyberattacks targeting their device firmware or hardware, often through their supply chains.

Automotive manufacturers can better protect themselves by considering cyber risks at every stage of production. However, the pressure to deliver products quickly can lead to compromised security, risking customer data and sensitive information.

Learning the Risks Manual

All industries, including the automotive industry, can take a page from the security field by ensuring cybersecurity efforts are part of their company’s overall risk management strategy. This is key to being innovative while avoiding disastrous events that can cause financial, reputational, and even legal consequences to a company.

This framework should encompass effective risk management, security controls, and continuous monitoring. Beyond protecting valuable information and avoiding operational setbacks, such a framework offers immediate benefits: research from the Diligent Institute shows that companies with advanced cybersecurity capabilities generate nearly four times more shareholder value.

Leadership can integrate a connected GRC framework and a culture that embraces cybersecurity to better understand the risks the organization faces. Although in some functions they work independently, the risk and cybersecurity departments benefit from forming a close partnership, as cyber is a significant business risk for the entire organization.

Once an integrated culture is established, these teams must work together to make risk resonate and garner support from leadership on potential threats to the business. From there, cyber teams can be drawn further into audit committees to help build a greater understanding of IT risks.

All of this, however, should be underscored by the use of an integrated GRC platform that allows risk and cyber teams to gather and efficiently review information in partnership with each other. With these teams working together, they are better positioned to inform each other of potential problems and conduct routine testing and monitoring to be proactive against cyber issues.

Leading From the Top

An important stepping stone to setting standards around cyber risk is expertise at the board level. While only 5% of companies have a cyber expert on their board, upskilling existing board members in cybersecurity through certifications and training can go a long way in improving cyber literacy, helping corporate directors effectively govern significant enterprise-wide cyber risks and have meaningful conversations with management.

Creating a cyber-risk-aware culture also means implementing clear security policies that match the company’s goals while also surpassing regulatory requirements. Yes, compliance is important and, in most cases, a legal obligation. Many times, though, industry compliance requirements were designed around previous events and threats.

On a more technical level, having security controls to protect digital assets and practicing basic cybersecurity hygiene are also necessary. This includes keeping software updated so that outdated security controls do not remain in place and using solutions such as multi-factor authentication.

Habitual testing and continuous monitoring are also key to avoiding security threats. Teams can start this by identifying the major digital assets, examining their current level of cybersecurity, and assessing whether improvements need to be made. The automotive industry, for example, has a lot of major digital assets attached to things like car design, repair, manufacturing and selling. Although there may be a lot to look at, all of it must be routinely examined and updated.

Cybersecurity is a business imperative for all industries, including the recently hard-hit automotive industry. Making sure cybersecurity is part of the company culture and overall risk management strategy, and having the GRC and cyber teams work in tandem, can help dispel the cyber threats we see today.

From there, the automotive industry, and those like it, can move forward with their technology plans with a stronger sense of security and protection around sensitive materials and data. All industries can reap the benefits, financial and beyond, of investing in a cyber strategy to ensure their systems and products are secure.

About the Author

Fred Kneip | Head of Platform Adoption, Diligent

Fred Kneip is Head of Platform Adoption for Diligent, where he is responsible for driving adoption of the Diligent One Platform board reporting solutions and shaping Diligent’s go-to-market processes. He previously was president of ProcessUnity, and CEO and Founder of CyberGRX prior to its acquisition by Marlin Equity Partners and merger into ProcessUnity. Since founding the company in 2015, Fred led the creation of the world's first global third-party cyber risk management (TPCRM) exchange. Prior to CyberGRX, Fred led the Security and Compliance Departments at Bridgewater Associates, an investment management firm overseeing about $160 billion for institutional clients.