Cyber Hacks Could Cost Auto Industry $24 Billion

December 17, 2018

Cyber hacks might cost the auto industry $24 billion within five years, according a study by Upstream Security.

The Upstream Security Global Automotive Cybersecurity Report 2019 outlines how hackers attacked -- from physical to long-range to wireless and more -- and who they targeted in the Smart Mobility space.

"With every new service or connected entity, a new attack vector is born," said Oded Yarkoni, Head of Marketing at Upstream Security. "These attacks can be triggered from anywhere placing both drivers and passengers at risk. Issues range from safety critical vehicle systems, to data center hacks on back-end servers, to identity theft in car sharing, and even privacy issues. The risk is immense. Just one cyber-hack can cost an automaker $1.1 billion, while we are seeing that the cost for the industry as a whole could reach $24 billion by 2023."

According to the report, the automotive world is becoming a Smart Mobility ecosystem, according to Yarkoni. Connected cars, autonomous vehicles, ride-sharing services and aggregated transport of all kinds are adding complexity and risk at an incredible rate. This report is the first of its kind; based on real-life incidents and provides an insight into who is at risk, how key stakeholders are protecting themselves and emerging trends for 2019.

According to the report:

While car manufacturers are an obvious target, Tier 1 suppliers, fleet operations, telematic service providers, car sharing companies and public and private transportation providers are facing an ever-increasing threat.
In 2018, the number of cybercriminals (what the industry calls Black hats) attacks eclipsed the number of White hat (security specialists who breaks into protected systems to test and asses their security) incidents. This is the first time in the history that has happened in the Smart Mobility space.
Security needs to be multi-layered. This includes in-vehicle for close-proximity attacks, automotive cloud security for multiple vehicles, services and applications, and network security for the network side of the architecture.
42 percent of automotive cyber-security incidents involve back-end application servers.
Two new kinds of cyber-attacks are emerging through car sharing and driver exchange. These are having a measurable impact on fraud and data privacy.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.