DETROIT – A new survey shows 77 percent of organizations in transport and automotive markets have been hit with IoT-focused cyberattacks during the past twelve months.
Of those that experienced a cyberattack, 91 percent had an impact on the organization, including operational downtime and compromised customer data and/or brand or reputational damage. Perhaps most alarming, many organizations are not properly prepared for future threats with only 6 percent indicating that they have what they need to combat cyberattacks.
The Irdeto Global Connected Industries Cybersecurity Survey of 225 security decision makers working in transport and automotive (700 respondents in total) found that while a greater focus on cybersecurity within the industry is needed, many respondents’ organizations in this space are looking at the benefits of security beyond its protection capabilities.
Of the transport organizations surveyed, 98 percent agree that a security solution should be an enabler of new business models, not just a cost. This clearly indicates that attitudes towards IoT security are changing for the better. This shift in mindset could lead to further innovation across this sector, resulting in new connected and autonomous business models with security built-in.
“Despite the challenges and threats outlined by this study, it’s clear that the attitude toward security in the transport industry is on the right track,” said Niels Haverkorn, General Manager, Connected Transport, Irdeto. “Through robust security, transport and automotive organizations can construct a foundation that not only realizes the benefits of fully connected and autonomous vehicles, but also enables profitable new business models. Through this approach, they will be able to balance safety, convenience and customization throughout their business and products.”
While the security mindset is on the right track, the Irdeto study suggests a distinct lack of optimism about the future security of IoT devices within organizations. Of the security decision makers surveyed in the transport industry in five countries (China, Germany, Japan, UK and US), 84 percent are either very or fairly concerned about the IoT devices that their organizations use or manufacture being targeted by a cyberattack, hacking incident or security breach.
Despite this concern, 94 percent of respondents from this sector said that they do not have everything they need to address cybersecurity challenges. In addition, 50 percent state they need additional expertise/skills within their organization to address all aspects of cybersecurity.
This is followed closely by more effective cybersecurity tools (47 percent) and the implementation of a more robust cybersecurity strategy (44 percent).
This is compounded by the finding that, in the transport and automotive space, a total of 90 percent of manufacturers and 95 percent of users of IoT devices state that the cybersecurity of the IoT devices that they manufacture or use could be improved either to a great extent or to some extent. Failure to address these challenges could prove costly, with the average financial impact as a result of an IoT-focused cyberattack in the transport space identified as greater than $350,000.
“The benefits of connectivity for today’s automobiles are clear, allowing greater mobility services to be brought to drivers; and inevitably to passengers of autonomous vehicles of the future,” said Dr. Clifford Liem, Technology Director, Connected Transport, Irdeto. “However, the underlying understanding for all is that technology cannot be implemented safely without robust security in place. Organizations must adopt a defense-in-depth approach to cybersecurity with many layers of security being implemented throughout, rather than simply protecting systems from the outside-in. This applies to both the organization itself and to connected vehicles they develop.”
Within IoT devices themselves, a largest proportion of security decision makers working in transport organizations stated that the software of these devices is the most vulnerable element (39 percent), while 13 percent stated that the infotainment unit is where the most prominent cybersecurity vulnerabilities exist.
As organizations fight to keep pace with the cybersecurity challenges in the transport sector, they do have several security measures in place, but have often not implemented enough layers into their security strategy. 31 percent of security decision makers surveyed say their organizations do not currently have software protection technologies implemented, while only 50 percent say their organizations have mobile app protection implemented and only 44 percent make security part of the product design lifecycle process – which could be a huge problem if the product is a vehicle itself.
Click here to download the full report on the survey results: