The automotive industry has been a tight-knit and exclusive club since the 1950s automobile boom. After months of distress caused by semiconductor chip shortages, assembly plant shutdowns, and higher prices, is that still the case?

The race to digitalisation is not foreign to the automotive industry. During the pandemic-driven slowdown, the automakers took the opportunity to rediscover themselves, reinvent their processes, and invest in new sources.

It was not the legacy giants, but Tesla that taught us it is possible to break the pattern and thrive through agility and re-thinking. Gigafactories are here to stay, and they will also grow and spread while embodying new, highly specialised companies. Smaller, local hubs will ultimately fulfil production with the agility the industry needs at traditional models’ expense. This amplifies the number of players whereby we will see unprecedented weddings and divorces between start-up and legacy mentality.

By 1994, car manufacturers had on-boarded computers to diagnose problems for repair. Little did we know at that time how cellular connectivity and cutting-edge technologies would revolutionise the entire industry. By 2009, Mercedes had launched the first car that owners could access via smartphone. Since then, the scope of connected vehicles increased to include diagnostics, fuel level, location, and remote start. Slowly but steadily, OEMs found ways to monetise vehicle data to provide the software-defined car consumers demanded.

Vehicle data certainly provides valuable insight to the manufacturers. However, questions arise about what data is stored and where, who has access to the information, and what protective measures are in place. Upstream Security Ltd recently published a report highlighting that 39.9% of automotive-related cyber incidents in the past 12 years involved PII breaches. What’s more, 50% of all reported automotive-related cybersecurity incidents took place during the past two years alone. Hence, data remains bad actors’ first line of attack.

Denso’s Notice of Unauthorized Access to Group Company is just one of the latest examples of how hackers can gain access and take control of your information. But cases of bad actors remotely accessing or controlling cars through their internet connection have been news for years.

When purchasing, renting, or licensing a car or auto part, consumers should think about performance and extras as much as what data may be collected, processed, or stored once they are connected. Buyers, sellers, and manufacturers may not know what kind of electronic information resides in the infrastructure of the parts they produce/sell, and how policies relate to it. Bad actors will weaponise and exploit IT-system weaknesses to craft sophisticated attacks and steal information for profit.

The dynamism of the changes gravitating around OEMs, aftermarket parts, and the technologies involved, created a new need for the industry to proactively look at the electronic information they collect, process, and hold, and establish workflows to manage regulatory requirements and unforeseen obstacles quickly and efficiently. Still, cybersecurity issues are hurting the automotive industry, and the more tech advancements are made, the more money the industry stands to lose.

What happens when a vehicle is hacked and data is taken? Wouldn't it be powerful to truly understand what PII and other sensitive information is housed in these vehicles and therefore the entire organisation?