With increasing autonomy and electrification, more cybersecurity measures are needed - creating a $1b software supplier sector.

Connected and autonomous vehicles have repeatedly proven vulnerable to cyberattacks by "white hat" and more malevolent infiltrators ­- making it essential to equip cars with more robust and effective cybersecurity solutions. OEMs, suppliers, and software companies are moving quickly to address the challenges involved in securing vehicles that are ever-more connected to the Internet of Things. As a result, the automotive cybersecurity market is booming.

Whether it is via vehicle diagnostics, ADAS systems, V2V connectivity, over-the-air software updates, wi-fi, and cellular, or telematics and infotainment systems, there are numerous portals for hackers to gain unwanted access to a vehicle - whether just for fun, or for more malicious reasons like stalking, personal data acquisition, or vehicle takeover.

The rise of electric vehicles (EVs) introduces new vulnerabilities, particularly their connectivity to EV charging stations and entry into the power grid. This aspect highlights the need for hacking countermeasures, not just for the vehicles themselves, but also for the infrastructure and systems.

In S&P Global Mobility's latest Cybersecurity Survey, automotive suppliers indicated secure communications and updates as their main priority to protect their vehicles and customers, as well as to comply with impending regulations associated with OTA software update systems.

Conversely, OEMs are focusing on software protection and open architecture that is more efficient and cost-effective for developing and deploying cybersecurity technologies to meet new security requirements.

"The threat of cyberattacks on a single vehicle or a fleet of vehicles is indeed real, either by individuals or groups," said Manuel Tagliavini, principal research analyst at S&P Global Mobility. "Software companies will be challenged to keep the vehicle parc secure from external bad actors, that have nowadays more opportunities to access the vehicle."

Client software volumes are projected to achieve a compound annual growth rate (CAGR) of 36% from 2021 to 2028. With more electric vehicles on the roads, the revenue growth of electrical control units (ECU) cybersecurity client solutions looks to grow by an astonishing 72.9% CAGR over the same period. As a result, overall cybersecurity software revenues are likely to exceed US$1 billion by the end of the period.

This growth is also driven by compliance factors. Worldwide regulations such as the WP29 and China's Personal Information Protection Law are making cybersecurity a mandatory requirement for new-vehicle platforms. These have led to a surge in cybersecurity spending from both automakers and suppliers.

Moving from distributed to centralized electronic architectures has led to shorter development cycles for new vehicles - creating a need for the ongoing protection of vehicles due to regulations on maintenance periods. This creates chances for automakers and suppliers to potentially use a subscription-based cybersecurity plan that covers the life of the car. Initially, most cybersecurity updates will be for parts inside the car, transitioning in 2030 to include a more advanced connection with the cloud.

Automotive OEMs are realizing the importance of adopting a comprehensive approach to automotive cybersecurity - both in their in-house software design and development processes and across the entire supply chain. Instead of relying on traditional intrusion detection and prevention systems (IDPS), it's key for companies to develop intrusion detection and response systems (IDRS) that can counter cyber threats in real-time - including the ability to analyse and process data both within the vehicle and in the cloud.

Currently, there are limitations to being able to perform those onboard functions. Due to the limited processing capabilities of most automotive ECUs, only some of the data collected is analysed in the car before being sent to the cloud for further processing. This is where security operation centres and AI machine learning can help detect anomalous behaviour that indicates a cybersecurity threat. With the development of AI-based sensor fusion solutions and data fusion across vehicles and cloud devices in the future, there is potential to aggregate data from multiple cars to analyse big data for potential threats.

Automotive product cycles moving at a glacial pace compared to rapidly changing software and hacking technologies. Collaboration between automakers, technology providers, and security experts will be essential for fostering innovation and developing effective cybersecurity solutions.

Email Us

• Get the latest news and research assets including webinars, podcasts, thought leadership articles, and whitepapers at the Mobility News & Assets Community.
  
  
• Find opportunities to access, engage and collaborate with thought leaders, experts, and partners at the S&P Global Mobility Program Calendar of events.
  
  
• View the on-demand webinar on Automotive Cybersecurity

This article was published by S&P Global Mobility and not by S&P Global Ratings, which is a separately managed division of S&P Global.