Based on a survey of global automotive manufacturers and suppliers conducted by Ponemon Institute, the report, Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices released by Synopsys, Inc. and SAE International, highlights critical cybersecurity challenges and deficiencies affecting many organizations in the automotive industry.
The study found that 84 percent of automotive professionals have concerns that their organizations’ cybersecurity practices are not keeping pace with evolving technologies.
The survey also found that 30 percent of organizations do not have an established cybersecurity program or team, and
63 percent test less than half of the automotive technology they develop for security vulnerabilities.
Ponemon surveyed 593 professionals from global automotive manufacturers, suppliers and service providers. To ensure knowledgeable responses, all respondents are involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies such as Wi-Fi and Bluetooth, among others.
Other key findings from the survey highlight:
- Lack of cybersecurity skills and resources. More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.
- Proactive cybersecurity testing is not a priority. Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
- Developers need cybersecurity training. Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.
- Cybersecurity risk throughout the supply chain. Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.
Synopsys and SAE commissioned the Ponemon Institute, a leading IT security research organization, to examine current cybersecurity practices in the automotive industry and its capability to address software security risks inherent in connected, software-enabled vehicles.
Download a free copy of the report: Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices.