Printed from BusinessInsurance.com

Automotive manufacturers tackle increased cybersecurity risks

Posted On: Apr. 3, 2023 12:00 AM CST

cybersecurity risks

The auto and truck manufacturing industry is alert to the significant challenges it faces as it addresses expanding cybersecurity risks. 

“The industry is embracing security as one of their goals,” but “it’s a constant give and take” between increasing vulnerabilities and decreasing risk, said Jeremy S. Daily, associate professor of systems engineering at Colorado State University in Fort Collins, who conducts research in this area.

General Motors Co.’s Chevrolet unit said in a statement that its approach, based on industry and government best practices, includes defense-in-depth, monitoring and detection, and incident response capabilities. 

Its vehicle development process includes cybersecurity considerations “from the earliest stages of design through a vehicle’s lifecycle,” it said.

Dennis Kengo Oka, Tokyo-based senior principal automotive security strategist and executive adviser at Synopsys Inc., said the auto industry has learned from mistakes in other sectors, such as the personal computer industry’s issues with viruses and malware. 

“We’re not going into it blindly,” he said.

Trucking companies are adding firewalls to vehicles to block malicious messages, said Mark Zachos, founder and president of Farmington, Michigan-based DG Technologies, which focuses on vehicle network security.

“We’ve raised the bar” for criminals, he said.

As a truck may be kept for 15 years or longer, “it’s important for us to keep in mind that cybersecurity as a risk evolves constantly,” so the updated technology must be embedded in the vehicle to keep it safe, said Brent Rieth, Chicago-based U.S. practice leader, E&O/cyber broking at Aon PLC.

“I don’t think (the automotive industry) should rest easy” on the fact that there have been few cyber-related claims to date, said John Farley, New York-based managing director of Arthur J. Gallagher & Co.’s cyber liability practice. That could change “in a very short amount of time,” he said.

“Risk managers have to be forward-thinking in terms of how claims may manifest as they adopt new technology,” he said.

David Derigiotis, Detroit-based chief insurance officer for insurtech Embroker, said companies should identify critical vulnerabilities, introduce preventive measures, and have a disaster recovery plan in place. 

They should also consider privacy risks, Mr. Farley said. 

“Obviously, anybody that adopts new technology has to understand the data it collects, it has to understand what the legal obligations are as a result of collecting that information, and they need to take steps to secure and comply with the various privacy laws at the state, federal and international levels,” he said.