Safeguarding Connected Cars from Cyber and Privacy Threats

It goes beyond protecting the vehicle and owner, to ensuring the entire connected ecosystem is secure.

Automobile Cockpit, Various Information Monitors And Head Up Displays
iStock.com

Automobiles are no longer just machines that get us from one place to another — they’re complex, connected systems full of different technologies, each potentially exposing consumers to privacy, cybersecurity, and safety risks. 

Automakers face a tough challenge: how best to secure systems against increasingly complex cyber threats while protecting the vehicle, its data and the mobility network. At the same time, they must continue to provide the convenience and safety features drivers expect.

As cars evolve into connected and increasingly autonomous vehicles, integrating connected technologies — from infotainment systems to advanced driver assistance systems — present numerous security challenges. Every connected technological component in an automobile can serve as a data entry point for cybercriminals, making the risk of cyber threats even bigger.

As auto manufacturers increase collaboration with tech companies, they expose themselves to cyber incident risks like those faced by other industries. Consider this: a new vehicle can have more lines of code than a large airplane, and with that complexity comes the need for more advanced cybersecurity measures. 

Recent data supports this view. According to Kyndryl’s Cyber Gauge 2024 study, manufacturing is among the top three sectors reporting the highest incidents of cyberattacks. Despite this, only 26 percent of manufacturing leaders feel prepared to handle various external risks, as highlighted in the 2024 Kyndryl Readiness Report. 

If bad actors compromise vehicles or their systems, the impact could extend beyond threats to individual safety — potentially disrupting entire transportation networks and the services that depend on them. 

Risk Mitigation Strategies 

One of the most effective ways to manage the risk of cyberattacks is to minimize the available “attack surface” – reducing the number of ways for bad actors to infiltrate a network. Data anonymization plays a key role in this effort. That’s because the increasing use of data in autonomous and connected vehicles — everything from adapting to driver preferences to optimizing vehicle performance — creates a need to protect the massive amounts of data these systems collect. Anonymizing this data reduces the likelihood that cybercriminals can access and exploit it. 

Broader risk mitigation strategies such as segmenting network components, implementing advanced encryption protocols and using intrusion detection systems tailored for the automotive industry can also help reduce a network’s attack surface. Mitigating risk is not just about protecting the vehicle. Rather, it’s about helping to secure the entire connected ecosystem— from the vehicle to the cloud and beyond. 

Automakers and manufacturers must also consider third-party risks as they integrate more software and hardware into vehicles. A holistic cybersecurity and resilience approach involves continuous monitoring of these third-party vendors to help strengthen compliance with strict security standards. The dependency on third-party vendors increases vulnerability, which is why regular third-party risk assessments must be a priority within the auto industry. 

Navigating the Regulatory Environment 

Cybersecurity regulations are evolving fast as governments and industry groups worldwide roll out new standards and guidelines. In the automotive industry, these regulations aim to keep consumers safe, protect vehicles and stop bad actors from exploiting connected car technologies. However, research shows few manufacturers are ready to adapt. The 2024 Kyndryl Readiness Report found that while 61 percent of manufacturing leaders are concerned about the pace of changing policies and regulations, only 28 percent feel prepared.

In the U.S., the National Highway Traffic Safety Administration has laid out recommendations for securing connected vehicles. Meanwhile, the EU’s General Safety Regulation requires all new vehicles to be equipped with appropriate cybersecurity features. Meeting these requirements can be complicated and costly, especially for automakers that operate across different regions 

At Kyndryl, we work closely with our clients to design cybersecurity frameworks that help them protect against threats and support their compliance with the latest regulatory requirements. This is especially critical as new regulations, such as the Cyber Resilience Act in the EU, continue to emerge.

As automotive technologies evolve, so too will the threats. Automakers must adopt a proactive and continuous approach to cybersecurity, helping to ensure that they can adapt to emerging challenges. This means regularly updating software, conducting thorough cybersecurity and resiliency assessments, and fostering a culture of cybersecurity awareness across manufacturers and their suppliers. 

Protecting connected vehicles from cyber threats will be just as critical as designing efficient, sustainable and safe transportation systems. By focusing on robust cybersecurity measures and embracing a regulatory framework that prioritizes safety and data integrity, the automotive industry can move toward a more secure future. 

We are in a new era of mobility. But with that comes the responsibility to protect these systems and the people who use them.

More in Software