30% of automotive employees don’t check security protocols before trying a new tool, according to Salesforce. This could put their company and customer data at risk.
Alarming rise in automotive API attacks
Cybersecurity is a growing concern in the automotive industry, particularly as companies store and use exponentially more data to power connected car features.
According to Upstream, the number of automotive API attacks increased by 380% last year alone. And, 34% of automotive employees in Salesforce’s survey said their company receives more security threats now than two years ago.
Salesforce’s research explores the implications of gaps between company security efforts and employee actions, and reveals a need for automotive organizations to empower employees with trusted, easy-to-use technologies.
Automotive employees take risks with personal devices at work
42% of employees in the automotive industry have experimented with generative AI for work, compared to 15% in healthcare and 12% in government agencies.
As the industry transitions to software-defined vehicles and adopts new technologies to digitize and personalize customer experiences, it becomes increasingly important to protect sensitive information about vehicles, drivers, and passengers. The research shows that there’s a long road ahead:
- 49% of automotive employees think that generative AI, like ChatGPT and DALL-E, is safe to use at work.
- 50% say they personally don’t have to worry about security at work.
- Just 44% of automotive employees consider their connected devices (e.g., mobile phone, laptops) to be a cybersecurity risk.
- 64% access work documents or systems from a personal device (e.g., mobile phone, laptop).
- 68% assume if they can access something on their work device, it must be safe.
- 63% believe their personal devices are as secure as their work devices.
“As cars become increasingly connected and the automotive industry continues to digitize its operations, more data will be generated that will open the industry up to increased risk,” said Achyut Jajoo, SVP and GM of Automotive and Manufacturing, Salesforce. “It is important that automotive employees understand the importance of cyber hygiene and take a proactive approach to data security.”
Data security in the automotive industry
Employees are only one piece of the puzzle. While 72% of automotive employees say they have a security-first culture, and 74% say their company has the tools needed to keep data secure, 21% say that security protocols are not strictly enforced.
Company-sponsored training is the natural course of action to close these gaps, and a majority (71%) say they have the training needed to keep data secure. However, the training itself needs a revamp to keep security top-of-mind and working in practice, according to the data:
- 20% automotive employees don’t find security training to be valuable, and the same number don’t find it relevant to their job.
- 26% don’t know what to do in the event of a breach.
- 29% have accidentally clicked on a suspicious link at work.
- 35% use the same passwords for personal and work-related logins.
- Just 35% use multi-factor authentication every time.
- And 20% never use VPN for online work.
“Automotive companies can foster a strong culture of trust and security by continuously engaging their employees to protect customer and company information. And they can empower them with regularly updated and patched technologies built with security at their core,” continued Jajoo.