      From digital instrument panels to keyless car unlocking and remote maintenance: drivers currently experience digital connectivity in the automotive industry from the end customer's point of view. Meanwhile, a number of other technological transformation processes are taking place in the background of the industry.

      For the entire sector, increasing digital networking means a radical change and the threat situation is intensifying. Protection against cybercrime is taking centre stage due to the increasing number of connected vehicles. The most important question: How can security be increased as quickly as possible and holistic risk management implemented in the long term? We answer this question in our latest publication.

      It becomes clear: The automotive industry is confronted with various threats, ranging from data and property theft to disruptions to manufacturing processes. It is also clear that data protection and security are important criteria for customers when making purchasing decisions. However, the industry lacks standardised measures for assessing the level of cyber security maturity.

      Our authors first analyse the status quo of the cyber security situation in the automotive industry before going on to discuss the various tasks and the most important areas of action for companies that follow from it. They also provide insights into KPMG cyber security projects.


      Best practices and maturity models should not only be introduced in automotive companies, but also in their supplier networks. In this way, cyber threats can be averted and a standardised and solid approach to cyber attacks can be implemented throughout the entire value chain.
      Dr. Andreas Ries

      Partner, Global and Germany Head of Automotive

      KPMG AG Wirtschaftsprüfungsgesellschaft


      Improved cyber security: what to focus on now

      Utilisation of resources

      A combination of internal and external resources makes it possible to create sufficient capacity and utilise existing knowledge within the industry. Projects and processes can be implemented based on proven models. In terms of cyber security maturity, models are already available from associations and government agencies.

      Monitoring the cyber security maturity level

      Cybersecurity management systems (CSMS) will be essential for OEMs (Original Equipment Manufacturers) and suppliers in the future. Among other things, CSMS maturity monitoring can be used to track whether the requirements of regulatory frameworks are being met.

      Use of interdisciplinary teams

      Companies should set up interdisciplinary teams that focus on all perspectives - from the engineering level to governance. External service providers are ideal for support. CIOs know which services should remain in-house and which can be outsourced. This also helps in defining a standardised operating model for both sides.  

      Monitor the changing legal situation worldwide

      New requirements from the UNECE (UN Economic Commission for Europe) and the Chinese cyber security regulations show how important it is to keep a close eye on legal changes. Sometimes - for example in China - there is even a risk of losing the local business licence if requirements are not met.

      Risk management along the entire supply chain

      The UN R155 Directive (part of the UNECE), which is relevant to the automotive industry, refers to the entire ecosystem of manufacturers - including suppliers. Companies must demonstrate how their dependency on suppliers, service providers, vendors and third parties is managed through their cybersecurity measures, frameworks and processes.


      Automotive manufacturers should adopt or work with cybersecurity companies to standardise frameworks, assessment methods and KPIs along their entire value chain. In this way, they can effectively ensure their cybersecurity resilience and further strengthen their ability to respond to cyberattacks.
      Jan Stoelting

      Partner, Consulting

      KPMG AG Wirtschaftsprüfungsgesellschaft


      Digital connectivity is increasing. This raises the risk of cyberattacks. We analyse the status quo in the automotive industry and provide insights into KPMG projects for strengthening risk management. Five areas of action are particularly in focus for increased protection.

