New study highlights automotive cybersecurity gaps

Eighty-four percent of automotive professionals have concerns that their organizations’ cybersecurity practices are not keeping pace with evolving technologies. Thirty percent of automotive organizations do not have an established cybersecurity program or team. Sixty-three percent of those organizations test less than half of the technology they develop for security vulnerabilities.

These findings and several others were recently published in an independent study titled Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices commissioned by Synopsys, Inc. of Mountain View, California and Warrendale, Pennsylvania-based SAE International.

The report, based on a survey of global automotive manufacturers and suppliers conducted by the Ponemon Institute, highlights critical cybersecurity challenges and deficiencies affecting many organizations in the automotive industry.

“SAE, in partnership with Synopsys, is pleased to present the findings of this study, as it provides real-world data to validate the concerns of cybersecurity professionals across the industry and highlights a path forward,” says Jack Pokrzywa, SAE International’s director of ground vehicle standards. “SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061, the world’s first automotive cybersecurity standard. Armed with the findings of the study, SAE stands ready to convene the industry and lead development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles.” 


Learn more about cybersecurity in mobility

Synopsys and SAE commissioned the Ponemon Institute, a leading information technology (IT) security research organization, to examine current cybersecurity practices in the automotive industry and its capability to address software security risks inherent in connected, software-enabled vehicles.

Ponemon surveyed 593 professionals from global automotive manufacturers, suppliers, and service providers. To ensure knowledgeable responses, all respondents were involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and wireless technologies such as Wi-Fi and Bluetooth, among others.
“The proliferation of software, connectivity, and other emerging technologies in the automotive industry has introduced a critical vector of risk that didn’t exist before: cybersecurity,” says Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group. “This study underscores the need for a fundamental shift – one that addresses cybersecurity holistically across the systems development lifecycle and throughout the automotive supply chain. Fortunately, the technology and best practices required to address these challenges already exists and Synopsys is poised to help the industry embrace them.”
Other key findings from the survey highlight

  • Lack of cybersecurity skills and resources: More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.
  • Proactive cybersecurity testing is not a priority: Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.
  • Developers need cybersecurity training: Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.
  • Cybersecurity risk throughout the supply chain: Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.


Shifting Gears: Focus on Cybersecurity, a webinar covering the report, will take place on February 27, 2019.


Learn more

  • Bookmark to keep pace with the latest aerospace technology news and information.

  • Subscribe to SAE MOBILUS for access to more than 200,000 resources, including aerospace standards, technical papers, eBooks, magazines, and video.

William Kucinski is content editor at SAE International in Warrendale, Pa. Previously, he worked as a writer at the NASA Safety Center in Cleveland, Ohio and was responsible for writing the agency’s System Failure Case Studies. His interests include literally anything that has to do with space, past and present military aircraft, and propulsion technology.

Contact him regarding any article or collaboration ideas by e-mail at