4 minute read 23 Oct 2020
Street with blurred cars

How new mobility brings about new risks for the automotive industry

Authors
Constantin Gall

Managing Partner, Strategy and Transactions, Ernst & Young GmbH

Decades of experience in transactions, corporate finance, strategy and international management. Trusted advisor. Transformation enthusiast. Passionate driver who likes traveling.

Matthias Bandemer

EY Germany, Switzerland and Austria Cybersecurity Services Leader

A passionate builder of a cyber-secure working world — protecting value and creating trust.

4 minute read 23 Oct 2020
Related topics Automotive Mobility Cybersecurity
Upvote

Show resources

The automotive industry is under enormous cost pressure. However, saving now on data security will come back to haunt you later.

Auto manufacturers and their suppliers are under pressure from many sides. They have to invest billions in cutting-edge technologies, such as alternative drive systems and mobility services, to secure their future business. At the same time, they are battling with strict emission regulations, a slowing economy and declining sales figures.

Many manufacturers have responded to these challenges with cost-cutting measures and have announced that they are going to reduce their number of employees.

Cybersecurity

8%

of the companies surveyed say that cybersecurity fulfills their requirements.

IT security is also affected by cost pressure. Projects are being put on hold and departments are being drastically downsized. This is even more surprising, as less than one in ten companies claim that cybersecurity meets their requirements. Even worse: more than one-third of companies would not even notice a sophisticated cyberattack. Although it's obvious they should invest in cybersecurity, the expenditure needs to be cut in light of the severe cost pressure. Spending less on IT security is a false economy and sends out the wrong signal.

Accessing a billion-dollar market

The future business model of auto manufacturers and suppliers is based on data. Added value is moving from products to services. The automotive industry is increasingly becoming a digital sector. A billion-dollar market opens up for those who manage to turn digital vehicle, location and user data into added value for customers.

The opportunities are virtually endless: real-time weather data can warn drivers with summer tires of black ice and remind them to change their tires, along with a notification of a special offer for winter tires. On the way to the airport, the car informs the driver if their flight is delayed or cancelled and suggests an alternative. The authorized workshop is automatically informed if there are any problems with the vehicle, including remote diagnosis for engineers. Attractive business models arise from the sale of data to other providers. As a result, insurers want to offer bonus models that are adapted to driving styles and are therefore dependent on real-time data from vehicles.

However, autonomous and connected driving as well as mobility platforms and their huge volume of data also increase the risk of cyberattacks. Cyberattack targets are not primarily individual vehicles, but the networked system from production and supply chains, cars, users and infrastructure in smart cities. Not only do companies have information about weak points, it also circulates around the darknet, among criminals or even governments and secret services. In the not-too-distant future, the automotive industry will most likely belong to the critical infrastructure and will be regulated accordingly, like the finance, energy, water supply and telecommunications sectors. Even now, breaches of data protection can lead to heavy penalties, not to mention damage to companies' reputations.

Taking cybersecurity into account from the very beginning 

Protecting sensitive data in production, the supply chain, vehicles and on platforms is much more than a necessary evil. Cybersecurity is the basis of digitalization and a necessary obligation to fulfill these requirements. Viewing it as nothing more than a cost factor that has to be reduced is not sufficient. Moreover, where customer benefits are at the top of the requirements list, cybersecurity and data protection are often sidelined due to the concern that the many security questions may be an inconvenience for customers.

However, it is a misbelief that IT security can simply be added at the end when developing new technologies, programs, apps or mobility platforms. It is not only much more complicated, but also ten times more expensive than considering security at the start of the software development process.

There is no way of getting around security by design anymore, including and especially in economically challenging times. Both factors are equally important; in the race for the best mobility applications of the future, taking place under increasing cost pressure, it is better to produce one feature less or later than to cut back on data security. Otherwise, the next cyberattack could be the last.

How EY can help

Strategy consulting

In this transformative age, CEOs and business leaders are challenged in how to achieve maximum value for their organization’s stakeholders. We challenge assumptions and build strategies that help improve profitability and long-term value.

Read more

Summary

The automotive industry is becoming digitized. However, autonomous and connected driving as well as mobility platforms and their huge volume of data also increase the risk of cyberattacks. Protecting sensitive data is more than a necessary evil; it is the basis of business. Saving money on data protection is a false economy.

About this article

Authors
Constantin Gall

Managing Partner, Strategy and Transactions, Ernst & Young GmbH

Decades of experience in transactions, corporate finance, strategy and international management. Trusted advisor. Transformation enthusiast. Passionate driver who likes traveling.

Matthias Bandemer

EY Germany, Switzerland and Austria Cybersecurity Services Leader

A passionate builder of a cyber-secure working world — protecting value and creating trust.

Related topics Automotive Mobility Cybersecurity
Link copied
Upvote