The Impact of the Top 3 Strategic Imperatives on the Automotive Cybersecurity Market

Internal Challenges

• Collaborative efforts with ecosystem participants will be critical for OEMs and Tier 1 suppliers to establish compliance with upcoming cybersecurity regulations.
• Automakers should verify the security of supplier components and vehicle architecture throughout the development and ownership lifecycle.
• Cybersecurity specialist companies offer end-to-end services for automotive OEMs, from concept design, implementation, and management support to maintenance services.
• They also enhance cybersecurity testing capabilities through advanced solution integration and expertise partnerships to help OEMs and Tier 1s with regulatory compliance.
• These services will help simplify the regulatory approval process for OEMs and ensure enhanced threat protection in vehicles.

Disruptive Technologies

• With increasing connectivity features, advanced cybersecurity solutions will be necessary to secure next-gen connected vehicles.
• OEMs should establish a comprehensive cybersecurity model to proactively address the evolving threat landscape, especially with the advent of generative AI.
• Generative AI is expected to become a critical tool for hackers to identify new vulnerabilities, exploit them, and perform fleet-wide attacks.
• L4 vehicle security and AI-based autonomous vehicles will soon become critical and are expected to pick up pace beyond 2025.
• With the rising penetration of electric vehicles (EVs), bi-directional vehicle-to-grid and vehicle charging communications systems will gain traction in the next 2 to 3 years.

Competitive Intensity

• Intense competition among cybersecurity providers will be a strong stimulus to offer solutions at the optimal price points.
• IT services companies, enterprise security firms, and new cybersecurity start-ups will enter the ecosystem with innovative solutions, challenging the current competitive dynamics.
• Managed services to help OEMs and Tier 1s ensure seamless audit checks and regulatory compliance is expected to gain traction in the next 1 to 2 years.
• IT service companies are projected to provide long-term threat monitoring support for the automotive industry through cybersecurity management systems (CSMS) and vehicle security operations centers (VSOC).
• Risk-driven threat detection and prioritization solutions will act as a differentiator in the industry.

Key Segmentation

Automotive Cybersecurity

Passenger Vehicles—Cars and Light Pickup Trucks

• Globally, automakers prioritize connected passenger vehicles’ cybersecurity, especially in regions that mandate stringent regulations.
• Gaining unauthorized physical access to vehicles, stealing personal information of an individual, manipulating vehicle operations, and ransomware threats by attacking the vehicle’s electronic control units (ECU) are possible attack scenarios.
• Collaboration communities (Auto ISAC), government bodies (NHTSA, ENISA), and regulatory bodies (UNECE, ISO) are actively developing best practices, standards, and regulations to secure connected vehicles in the passenger segment.

Commercial Vehicles—Light, Medium, and Heavy-duty Trucks

• Commercial vehicles carry high-value cargo loads; hence, cyber attacks on these vehicles have the potential to be more severe than those on passenger vehicles.
• UNECE addresses cybersecurity for commercial vehicles and requires implementing stringent security practices to get type approval for new vehicles.
• Freight stealing, locking critical vehicle functions, hijacking driving controls, vehicle tracking, and navigation manipulation are some attack scenarios that will significantly impact organizations.

Competitive Environment:

Key Competitors

OEMs

• General Motors
• Volkswagen
• Ford
• Honda
• Hyundai
• Jaguar Land Rover
• Stellantis Group
• Geely Group
• Audi
• Daimler
• BMW
• Renault Nissan Mitsubishi
• Toyota
• Tata Group
• Tesla

Automotive Cybersecurity Companies

• Upstream Security
• ETAS GmbH
• Cybellum
• C2A Security
• Guardknox
• PlaxidityX (formerly Argus Cyber Security Ltd.)
• AUTOCRYPT
• Karamba Security
• Secure Elements
• CyberAutonomy
• VicOne

Tier 1 Suppliers

• Bosch
• LG
• Panasonic
• Honeywell
• Denso
• Aptiv
• Fujitsu
• Vector Informatik GmbH

Automotive Cloud

• IBM Cloud
• Azure
• AWS
• Google Cloud
• Ericsson Cloud
• Oracle Cloud

Enterprise IT Security Vendors

• Kaspersky
• McAfee
• Trend Micro
• Blackberry
• Irdeto

Key Findings

Challenges Ahead for OEMs

• With the emergence of regulatory mandates for automotive cybersecurity, OEMs are under pressure to navigate the challenging path of compliance, which involves extensive testing, increased costs, upgrading older models, and ensuring supply chain security.
• Some OEMs have discontinued vehicle models due to challenges complying with the upcoming regulations. Example: Porsche has ceased production of 718 and Cayman models in Europe.

Intensifying Competitive Landscape

• Automotive cybersecurity companies strive to address OEM challenges with upcoming regulations such as the UNECE WP.29 by enhancing testing capabilities to support OEMs with compliance and certification. Example: PlaxiidtyX (formerly Argus Cyber Security Ltd.) and dSPACE partnership aims to improve and streamline cybersecurity testing capabilities to accelerate product development.
• Cybersecurity solutions providers forge collaborations to strengthen software security platforms for automotive OEMs. Example: Cybellum and items partnership combines capabilities to deliver a more streamlined offering to help OEMs adhere to regulatory guidelines.

Regional Regulations Ramp Up

• Following the introduction of UNECE WP.29 R155 and R156, countries such as China and India have developed their own automotive cybersecurity standards to match UNECE cybersecurity regulations.
• North America lacks a federal cybersecurity mandate despite leading in connectivity. However, automakers are proactively adopting NHTSA and UNECE security guidelines to build consumer trust and to continue vehicle sales in UNECE member countries.

Increasing Vulnerabilities in EV Charging Infrastructure

• Cyber attacks on EV charging infrastructure are rising. These incidents could lead to failures in charging the vehicles, data theft, EV battery damages, and misconfigurations of charging equipment.
• ISO 15118 standard provides guidelines for encrypted EV charging communications. Though not a mandate, countries such as Germany, the Netherlands, Denmark, the United Kingdom, the United States, and Canada are gradually adopting the standard, with pilot projects and initiatives underway.

Service-based Models are Emerging

• OEMs build cybersecurity frameworks either in-house or through external partnerships. Given the growing complexity of the automotive industry in meeting stringent regulatory demands, specialized support is urgently needed. Managed cybersecurity services such as testing, compliance, and CSMS implementation and maintenance to attain regulatory compliance are increasingly popular among automotive OEMs.