Canadian auto industry under-prepared for cyber security threats, study finds
APMA/KPMG report looks to help Canadian suppliers close cybersecurity gaps.
According to the apmaIAC / KPMG Canadian automotive cyber preparedness report, the majority of Canadian auto part suppliers don’t recognize the security risks posed by connected vehicles and related information services. Many auto parts suppliers surveyed for the report feel their individual product offering is not technologically advanced enough to warrant embracing privacy and cyber safety in their operations.
Despite the fact that the number of automotive cybersecurity incidents has grown by 99% since 2018, the report finds that nearly half (49%) of the APMA members surveyed say they don’t have a designated person in charge of their cybersecurity strategy. It also stresses that such cyber threats extend to the manufacturers’ operations themselves, in that 30% of organizations surveyed said they have experienced a breach in the last 12 months.
“Cyber has many faces in today’s automotive industry and pose significant risks if left unchecked,” says APMA president, Flavio Volpe. “The reality is that now, more than at any other time in manufacturing, companies must safeguard their products, operations, and systems no matter the type of components, parts, systems and assemblies they produce.”
Whatever the threat level, the report points out that automobile OEMs and their suppliers will need to prepare for domestic and international vehicle cybersecurity-related regulations, including Transport Canada’s Vehicle Cyber Guidance and the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations.
The U.N. regulation, for example, will require companies to document how they will prevent specific kinds of incidents, report information on cyberattacks and inform authorities at least once a year on whether their cybersecurity measures have been effective.
Similarly, the forthcoming IS021434 Road Vehicles Cybersecurity Engineering standard has set cybersecurity risk management requirements for road vehicle systems, components, and interfaces throughout all stages of their development from engineering, production, operation and maintenance to decommissioning, according to the report.
“Building a cyber secure culture means keeping security awareness top of mind for all individuals in the organization – not just IT,” says KPMG’s John Heaton, partner, cybersecurity services. “Every company – no matter the product – has cyber ‘digital crown jewels’ that must be secured. Companies at every link in the supply chain must identify and protect these and ensure the partners they share data with are taking the same steps.”