85% of automakers admit their organizations have been breached in the past 24 months; Yet, more than two-thirds haven’t invested in information security in the past year
Automakers are investing heavily in autonomous and connected-car technology, increasing potential for cyber-attacks against vehicles. However, failure to prevent a vehicle hack could be devastating to their brands and the bottom line with 82% of consumer respondents saying they would be wary or never buy from an automaker if they had been hacked, according to the 2016 KPMG Consumer Loss Barometer study.
To access videos and additional graphics for this study visit the landing page at www.kpmg.com/us/consumerlossbarometer
In the KPMG survey of 449 car-owning consumers, 70% are concerned about the possibility of their car being hacked within the next 5 years. Additionally, 79% indicated that if their vehicle was hacked it would have a negative impact of their perception of that automaker. The concern cuts across generational lines, with 83% of baby boomers and 74% of millennials, saying a hack would damage their view of that automaker.
“Cars and trucks have evolved into highly-complex computers on wheels, with increased connectivity that presents some real and important cybersecurity risks, the most significant of which is safety,” said Gary Silberg, KPMG’s Automotive Sector Leader. “Unlike most consumer products, a vehicle breach can be life-threatening, especially if the vehicle is driving at highway speeds and a hacker gains control of the car. That is a very scary, but possible scenario, and it’s easy to see why consumers are so sensitive about cyber security as it relates to their cars.”
In conjunction with the consumer survey, KPMG conducted a survey of 100 automotive senior cybersecurity executives distributed evenly between chief information officer (CIO – 25%), chief information security officer (25%), chief security officer (25%), and chief technology officer (CTO - 25%). KPMG found that 68% of automotive cyber execs said they haven’t invested capital funds in information security in the past year – despite the fact that 85% admit their organizations have been breached in the past 2 years. Additionally, 55 % said there is not someone at their company whose sole responsibility is information security.
“Automakers are playing catchup when it comes to cyber security,” said Silberg. “But the threat is real, and the implications of a vehicle breach could be catastrophic for consumers and the automakers alike. Car companies need to take action now and make cyber security a strategic imperative to ensure they are doing everything possible to protect the drivers of their vehicles.”
Silberg adds, “Due to the potentially enormous damage to their brands and their sales, addressing cybersecurity concerns is a critical priority for automakers, and one they cannot afford to get wrong.”
KPMG LLP, the audit, tax and advisory firm (www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s member firms have 174,000 professionals, including more than 9,000 partners, in 155 countries.
On Twitter: @madgoncalves