82% wary of automakers when hacked – automotive management not doing enough

KMPGKMPGFailure to prevent a vehicle hack could be devastating to automotive brands and the bottom line according to the 2016 KPMG Consumer Loss Barometer study. Despite the harm breaches in cyber security could do to an automaker, senior automotive security managment are not doing much for cybersecurity.

In the KPMG survey of 449 car-owning consumers found:

  • 82% of consumer respondents saying they would be wary or never buy from an automaker if they had been hacked.
  • 70% are concerned about the possibility of their car being hacked within the next 5 years.
  • 79% indicated that if their vehicle was hacked it would have a negative impact of their perception of that automaker.
    83% of baby boomers and 74% of millennials, saying a hack would damage their view of that automaker.

“Cars and trucks have evolved into highly-complex computers on wheels, with increased connectivity that presents some real and important cybersecurity risks, the most significant of which is safety,” said Gary Silberg, KPMG’s Automotive Sector Leader. “Unlike most consumer products, a vehicle breach can be life-threatening, especially if the vehicle is driving at highway speeds and a hacker gains control of the car. That is a very scary, but possible scenario, and it’s easy to see why consumers are so sensitive about cyber security as it relates to their cars.”

In conjunction with the consumer survey, KPMG conducted a survey of 100 automotive senior cybersecurity executives distributed evenly between chief information officer (CIO – 25%), chief information security officer (25%), chief security officer (25%), and chief technology officer (CTO – 25%).

KPMG found that

  • 68% of automotive cyber execs said they haven’t invested capital funds in information security in the past year – despite the fact that 85% admit their organizations have been breached in the past 2 years.
  • 55 % said there is not someone at their company whose sole responsibility is information security.

Silberg note that due to the potentially enormous damage to their brands and their sales, addressing cybersecurity concerns is a critical priority for automakers, and one they cannot afford to get wrong.”

Additional findings:

  • In the event of a hack, 41% of consumers said their number one fear would be someone else taking control of the car, followed by 25% who indicated financial information being stolen.
    46% of respondents said the owner or driver of the car should be the guardian of consumer and vehicle data.
    47% said the software and technology company whose products are in the car should be responsible for the security of ones connected car information.