Listen to this article

Survey Conducted by the Ponemon Institute Reveals Automotive Manufacturers and Suppliers are Struggling to Incorporate Cybersecurity Best Practices Throughout Product Development Life Cycle

SINGAPORE – Together with SAE International, a worldwide organization of engineers and other technical experts in the aerospace, automotive, and commercial-vehicle industries, Synopsys, Inc. (Nasdaq: SNPS) has published a report titled Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices. The research outlines major cybersecurity risks and shortcomings affecting many businesses in the automotive industry, based on a survey of worldwide automotive manufacturers and suppliers done by Ponemon Institute. According to the research, 84% of automotive industry experts are worried that their companies’ cybersecurity measures are falling behind the times. Sixty-three percent of respondents said they test fewer than half of the automotive technologies they produce for security risks, and 30 percent said they have no cybersecurity program or team in place.

“SAE, in partnership with Synopsys, is pleased to present the findings of this study, as it provides real-world data to validate the concerns of cybersecurity professionals across the industry and highlights a path forward,” said Jack Pokrzywa, SAE International director of Ground Vehicle Standards. “SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061™, the world’s first automotive cybersecurity standard. Armed with the findings of the study, SAE stands ready to convene the industry and lead development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles.”

In order to assess the state of cybersecurity in the automobile sector and its preparedness to deal with the software security threats posed by connected, software-enabled vehicles, Synopsys and SAE commissioned the Ponemon Institute, a leading IT security research firm. Ponemon polled 593 industry experts from automakers, suppliers, and service providers around the world. Each respondent is either directly or indirectly involved in evaluating or contributing to the security of automotive technologies such as infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies like Wi-Fi and Bluetooth, among others.

“The proliferation of software, connectivity, and other emerging technologies in the automotive industry has introduced a critical vector of risk that didn’t exist before: cybersecurity,” said Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group. “This study underscores the need for a fundamental shift—one that addresses cybersecurity holistically across the systems development lifecycle and throughout the automotive supply chain. Fortunately, the technology and best practices required to address these challenges already exists, and Synopsys is poised to help the industry embrace them.”

Other key findings from the survey highlight:

  • Lack of cybersecurity skills and resources. More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.
  • Proactive cybersecurity testing is not a priority. Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
  • Developers need cybersecurity training. Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.

Cybersecurity threats permeate all stages of production. The majority of respondents (73%) are worried about the safety of the third-party automobile technologies they use. However, just 44% of respondents reported that their company enforced cybersecurity rules for products supplied by upstream suppliers.