Kaspersky research reveals 64% of automotivebosses believe supply chain is vulnerable to cyber attack

Almost two-thirds (64%) of automotive industry leaders believe their supply chain is vulnerable to cyberattacks, according to Kaspersky research published today [LINK HERE]. With key international regulation (UN R155/156) as set out by UN working party, UNECE WP.29, coming into play in less than 12 months stipulating that every vehicle is secured throughout its lifecycle, from development and production through to customer-use, the findings indicate that collaboration around cyber intelligence across the automotive supply chain has never been more important.

Kaspersky research reveals the range of attacks encountered by automotive companies every day, from vendor to supplier, at almost every stage of production, is vast. As the connected-car ecosystem continues to evolve, so too has the cybersecurity challenge which now extends far beyond being a simple IT issue with the biggest concerns outlined by the 200 C-suite execs surveyed being phishing (24%), WiFi/Bluetooth (23.5%), and ransomware attacks (23%). Over the past 12 months, Conti, LockBit, and Hive were the ransomware most commonly found in automotivecyberattacks.

From July 2024, UN155/156 as set out by UNECE WP.29 requires all OEMs and their supply chains to include multi-layered cybersecurity solutions to protect against current and future cyber-attacks or risk ceasing the manufacturing of that vehicle. However, the findings show an automotive C-suite that is still largely behind the curve with 42% of respondents stating that they do not currently have a plan in place ahead of the deadline. A further 63.5% stated they were not very involved in planning for compliance, despite 64% agreeing that dealing with cyber threats is a strategic board issue. 68.5% of respondents believe there needs to be more understanding across the sector of the implications of the standards and what they mean for businesses. 

“Automotive leaders are being swamped by a tide of competing priorities, unclear processes, and isolated threat intelligence, which is threatening the security of both their organisation, and an interconnected network of suppliers, manufacturers and service providers,” explained David Emm, Principal Security Researcher, Kaspersky. “The industry has passed an inflection point and there is now a clear danger that consumer privacy and safety may be compromised. The use of technology in vehicles, the supply chains required for their development, and the need to comply with regulation, have made it critical that the C-suite understands the cyber-risk their companies are facing and take immediate steps to inform their strategies.”

Cybercriminals are targeting suppliers in an attempt to gain access to manufacturer’s networks and compromise vehicles with the potential to cost lives. In particular, the research reveals that the integration of infotainment and connectivity software is now considered the biggest supply chain risk by over a third (34%) of respondents, with Over-the-Air (OTA) updates and vehicle-to-vehicle (V2V) communication seen as the biggest cybersecurity challenge (15.5%) over the next two years.

Clara Wood, Automotive Research Leader, Kaspersky, concludes, “Protecting businesses while tackling cybersecurity threats has radically changed from basic IT configurations, installing an antivirus and following best practices, to a whole new level of complex coding, unknown threats, and ongoing cyberattacks. Our research shows us that criminals are turning their focus towards the automotive supply chain and looking to exploit any weaknesses they can find. This is why cyber literacy is now a critical component if an increasingly interconnected automotive industry is to develop a culture of cybersecurity best practice, share knowledge, and institute actionable intelligence with a clear and quantifiable return on investment.”