Many autonomous vehicles are not fully protected against cyberattacks, with GlobalData, a leading data and analytics company, estimating that there may be up to 180,000 bugs in the code operating a level 5 autonomous vehicle*— potentially leaving hackers with 15,000 security vulnerabilities to choose from.
GlobalData’s latest report, ‘Cybersecurity in Automotive – Thematic Research’, stresses the importance of defending all of the infrastructures upon which connected cars rely, noting that we are entering a ‘Code War’ era, where every digital device—no matter how small—can be weaponized.
Emilio Campa, Analyst on the Thematic Research team at GlobalData, comments: “Autonomous vehicle manufacturers may be making sure the physical doors lock, but as it stands, the digital doors are wide open. Over the past decade, hackers have accessed the vehicles of numerous major brands: remotely unlocking doors, collecting sensitive data, and even taking control of vehicles. This just isn’t good enough, and autonomous vehicles won’t be safe enough until these gaps are plugged.”
Automotive businesses are increasingly talking about cybersecurity in their financial reports, according to GlobalData’s Company Filing Analytics. The number of mentions of ‘cybersecurity’ expanded almost fourfold between 2016 and 2021. However, the number of mentions is relatively small when compared to other major themes in the sector—especially environmental, social, and governance (ESG) issues. In 2021, the number of mentions of ‘ESG’ was over 20 times bigger than the number of ‘cybersecurity’ mentions.
Campa continues: “Cybersecurity is competing for attention with other major issues such as ESG and geopolitics. While these are also pressing matters, the importance of comprehensive cybersecurity in automotive cannot be overstated. Public safety aside, cyber breaches and cyberattacks directly affect the value and integrity of car manufacturers’ brands. New vulnerabilities are also constantly coming to light, and they can be difficult to fix.”
Cybersecurity-related regulation is being implemented in different ways around the world. The UN Economic Commission for Europe (UNECE) Regulation 155 comes into force in July 2022, the ISO/SAE 21434 standard has been developed, and countries from the US to China are adopting local regulations and oversight. As a result, auto players must be aware of the regulatory landscape to ensure compliance.
Campa adds: “There is a real requirement for manufacturers to get up to speed on cybersecurity, and to do so quickly. The auto industry will face more cyberattacks as it introduces more connected, digital, and electronic systems to new vehicles and as companies themselves become more digital. With cyberattacks causing severe reputational damage and being expensive to remediate, automotive cybersecurity cannot be ignored.”
- Level 5 autonomous vehicles are fully self-driving vehicles that can handle all driving tasks in all circumstances. These vehicles probably won't feature human controls and must be able to safely handle any situation they might encounter.
Quotes provided by Emilio Campa, Analyst on the Thematic Research team at GlobalData
GlobalData’s latest report, ‘Cybersecurity in Automotive – Thematic Research’, provides an invaluable guide to this extremely disruptive theme. It includes comprehensive lists of the leading players across all aspects of the cybersecurity value chain, helping companies identify the right partners.
The report also includes a guide to the major challenges the automotive industry is facing and how they impact the need for comprehensive cybersecurity in vehicles.
4,000 of the world’s largest companies, including over 70% of FTSE 100 and 60% of Fortune 100 companies, make more timely and better business decisions thanks to GlobalData’s unique data, expert analysis and innovative solutions, all in one platform. GlobalData’s mission is to help our clients decode the future to be more successful and innovative across a range of industries, including the healthcare, consumer, retail, financial, technology and professional services sectors.