Cyber security measures prudent but lacking, survey finds
Automakers are investing heavily in autonomous and connected-car technology, but with these potentially exciting developments comes an increased possibility for cyber-attacks against vehicles.
Among the consequences of failing to protect against cyber attacks is loss of business. In fact, 82 percent of consumers surveyed said they would be wary of buying from or would never buy from an automaker that had been hacked.
Of 449 car owners surveyed in the 2016 KPMG Consumer Loss Barometer study, 70 percent said they are concerned about the possibility of their car being hacked within the next five years. Additionally, 79 percent indicated that if their vehicle was hacked it would have a negative impact of their perception of that automaker. The concern transcends generational lines, with 83 percent of baby boomers and 74 percent of millennials saying a hack would damage their view of that automaker.
“Cars and trucks have evolved into highly complex computers on wheels, with increased connectivity that presents some real and important cybersecurity risks, the most significant of which is safety,” Gary Silberg, KPMG’s automotive sector leader, said in a news release announcing the results.
“Unlike most consumer products, a vehicle breach can be life-threatening, especially if the vehicle is driving at highway speeds and a hacker gains control of the car. That is a very scary, but possible scenario, and it’s easy to see why consumers are so sensitive about cyber security as it relates to their cars.”
In conjunction with the consumer survey, KPMG conducted a survey of 100 automotive senior cybersecurity executives distributed evenly between chief information officers, chief information security officers, chief security officers and chief technology officers.
KPMG found that 68 percent of automotive cyber execs said they haven’t invested capital funds in information security in the past year — despite the fact that 85 percent admit their organizations have been breached in the past two years. Additionally, 55 percent said there is not someone at their company whose sole responsibility is information security.
“Automakers are playing catchup when it comes to cyber security," said Silberg. “But the threat is real, and the implications of a vehicle breach could be catastrophic for consumers and the automakers alike. Car companies need to take action now and make cyber security a strategic imperative to ensure they are doing everything possible to protect the drivers of their vehicles.
“Due to the potentially enormous damage to their brands and their sales, addressing cybersecurity concerns is a critical priority for automakers, and one they cannot afford to get wrong,” he continued.
Additional survey findings
— In the event of a hack, 41 percent of consumers said their No. 1 fear would be someone else taking control of the car, followed by 25 percent who indicated financial information being stolen.
— 46 percent of respondents said the owner or driver of the car should be the guardian of consumer and vehicle data.
— 47 percent said the software and technology company whose products are in the car should be responsible for the security of ones connected car information.