Sec uring the Car:
The State of Cybersecurity in the Automotive Industry
Cars and the wider automotive industry are becoming more connected each year, but cybersecurity is not keeping up. We look at the key findings from an extensive study by Synopsys to find out how severe the problem is
Cybersecurity is not keeping pace with technology
Technology in the automotive industry is moving at a dramatic pace, but cybersecurity is lagging behind. Most respondents in Synopsys’ survey said they felt this was a problem, with telematics, radio frequency technologies and self-driving vehicles seen as the biggest causes for concern.
How concerned are you that your organisation’s cybersecurity practices are not keeping pace with changing automotive technologies?
1 = Not concerned
10 = very concerned
1 or 2
3 or 4
5 or 6
7 or 8
9 or 10
Critical software patches are not delivered effectively
Out of those surveyed, almost two thirds said that they did not believe software patches that were designed to fix critical vulnerabilities were delivered within an appropriate time span. Notably, the method for delivering patches varied significantly, with 25% saying their company did not deliver any form of security update at any time.
Does your organisation’s software update delivery model address critical security vulnerabilities in a timely manner?
More than half of companies only look for security vulnerabilities after vehicles have been released
Shockingly, when it comes to the stage that companies assess security vulnerabilities in their automotive software, just over half do not begin to look at the issue until after the affected vehicles have had a commercial release. This is after other aspects of car safety have been tested and signed off in the development and testing phase.
When during the development life cycle does your organisation assess automotive softwa re/technology/components for security vulnerabilities?
Most companies lack vital cybersecurity skills
As with many industries, the automotive field is struggling with a cybersecurity skills shortage, with around two-thirds of companies saying they lack the skills to ensure security at the product development phase.
Does your organisation have the necessary cybersecurity skills in product development?
Notably, this is not just a skills issue, but a resources issue, as just over half of those surveyed said they did not feel enough budget was directed towards cybersecurity.
Does your organisation allocate enough resources to cybersecurity?
Data from a survey of 15,900 automotive and security professionals by Synopsys and SAE International