Skip to Main Content
VISUALIZE | INSIGHTS THAT POWER INNOVATION

Why it’s time to rethink vehicle cybersecurity

We’ve known for years now that vehicles can be hacked. But when it comes to vehicular cybersecurity, it may no longer make sense to conceive of potential risk exposures on a vehicle-by-vehicle basis, but as an entire interconnected ecosystem.

Each connection in this tangled web could represent a potential vulnerability for bad actors to exploit.

Imageegvsa

When it comes to vehicular cybersecurity, it may no longer make sense to conceive of potential risk exposures on a vehicle-by-vehicle basis, but as an entire interconnected ecosystem.

Cyber risks in the mobility ecosystem

Packed with semiconductors, software, wireless radios, and Internet connectivity, modern cars and trucks are as much electronic devices as they are mechanical ones.1 This connectivity and electronic sophistication enables a wealth of new features, while introducing numerous potential vulnerabilities.2

In a recent Emerging Issues webinar, Giuseppe Serio, the Vice President of Market Development for the automotive cybersecurity and data management firm Upstream, outlined how this new web of risk surrounding the automotive market could change how we think about vehicle cybersecurity.

For example, in the webinar Serio highlighted various potential threat vectors and their cyber risks, such as:

  • Service stations and dealers
  • EV charging stations
  • Mobile apps
  • Remote servers and software updates

What are vehicle hackers doing today?

Vehicle hacking may conjure up hair-raising visions of drivers losing control of their cars to remote operators, but according to Upstream, close to 40 percent of all cyber incidents recorded by the company from 2010-2021 involved privacy and data breaches. The second-most prevalent incident was a cyberattack that led to a vehicle theft or break in, followed by control of car systems and service/business disruption.

An emerging risk for today’s vehicles: tomorrow

Computer and smartphone users may understand this dynamic well: After a few years, old hardware can no longer run new software—at least, not securely. Vehicle hardware and software may follow a similar trajectory, Serio noted, potentially increasing an older vehicle’s vulnerability to cyberattacks.

Want to dig deeper into these potential vehicle cyber risks? Listen to our discussion with Serio on our latest Emerging Issues webinar on demand here


Andrew Blancher, CPCU

Andrew Blancher, CPCU, is director of commercial automobile product development and Emerging Issues at Verisk. You can contact him at Andrew.Blancher@verisk.com.


Visualize Subscribe

Get the best of Visualize!

Get the latest news and insights straight to your inbox.

Subscribe now

  1. Vikram Chaudhary, “Semiconductors: Your car is a computer on wheels,” Financial Express, March 12, 2022. < https://www.financialexpress.com/auto/car-news/semiconductors-your-car-is-a-computer-on-wheels/2458677/ >, accessed on November 18, 2022.
  2. Alexa St. John, “Connected vehicles vulnerable to major hacks, Upstream Security says,” Automotive News, December 17, 2020, < https://www.autonews.com/regulation-safety/connected-vehicles-vulnerable-major-hacks-upstream-security-says >, accessed on November 18, 2022.

You will soon be redirected to the 3E website. If the page has not redirected, please visit the 3E site here. Please visit our newsroom to learn more about this agreement: Verisk Announces Sale of 3E Business to New Mountain Capital.