The global cybersecurity industry will grow from $125.5 billion in 2020 to $198.0 billion in 2025 at a compound annual growth rate (CAGR) of 9.5%, according to the publisher forecasts. Since the infamous Jeep hack reported by Wired in 2015, the automotive industry has been painfully aware of the importance of cybersecurity. The ongoing burden of cyber breaches and cyberattacks will fall on car manufacturers since their systems and software will be at fault. Over the next few years, the implementation of standards and regulations will help automotive companies implement best practices.
Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs, and electronic data from attack, damage, or unauthorized access.
The global cybersecurity industry will grow from $125.5 billion in 2020 to $198.0 billion in 2025 at a compound annual growth rate (CAGR) of 9.5%, according to the publisher forecasts.
Cybersecurity is crucial for all automotive businesses
We are entering the Code War era, where every digital device, no matter how small, can be weaponized. Cybersecurity in vehicles has to be extensive, defending both the frontend and backend of vehicle systems and all the infrastructure upon which connected cars rely.
Original equipment manufacturers (OEMs) have to deal with human ingenuity that goes far beyond known threats. The enormous cost of infrastructure and resources needed to engineer and test cybersecurity for vehicles puts many OEMs on the back foot. With an estimated 300 million lines of code expected in a Level 5 autonomous vehicle, there will be an estimated 180,000 bugs in the code, amounting to some 15,000 security vulnerabilities. The importance of comprehensive cybersecurity in automotive cannot be overstated.
In automotive, cybersecurity is still in its infancy
The core competencies of OEMs cover the design, development, and production of components. Cybersecurity is not a core competence, meaning they lack the technical expertise required to implement effective cybersecurity measures. This leads to outsourcing, with OEMs often meeting only the most basic cybersecurity requirements to save on cost.
With the UN Economic Commission for Europe (UNECE) Regulation 155 coming into force in July 2022, the development of the ISO/SAE 21434 standard, and countries from the US to China adopting local regulations and oversight, there is a real requirement for manufacturers to get up to speed on cybersecurity, and to do so quickly.
Leaders and challengers
Below we list some of the leaders and challengers in cybersecurity across the automotive ecosystem.
OEMs
Leaders: BMW, General Motors, Hyundai, Mercedes-Benz.
Challengers: Kia, Lexus, Mahindra & Mahindra, Subaru, Suzuki.
Suppliers
Leaders: Aptiv, Continental, Denso, Infineon, Johnson Controls, Valeo.
Challengers: Aisin, Bosch, Faurecia, Mahle, Veoneer, ZF.
Specialist vendors and service providers
Leaders: Argus Cyber Security, Cybellum, Horiba Mira, Karamba, Majenta Solutions, Upstream Security, WISeKey.
Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs, and electronic data from attack, damage, or unauthorized access.
The global cybersecurity industry will grow from $125.5 billion in 2020 to $198.0 billion in 2025 at a compound annual growth rate (CAGR) of 9.5%, according to the publisher forecasts.
Cybersecurity is crucial for all automotive businesses
We are entering the Code War era, where every digital device, no matter how small, can be weaponized. Cybersecurity in vehicles has to be extensive, defending both the frontend and backend of vehicle systems and all the infrastructure upon which connected cars rely.
Original equipment manufacturers (OEMs) have to deal with human ingenuity that goes far beyond known threats. The enormous cost of infrastructure and resources needed to engineer and test cybersecurity for vehicles puts many OEMs on the back foot. With an estimated 300 million lines of code expected in a Level 5 autonomous vehicle, there will be an estimated 180,000 bugs in the code, amounting to some 15,000 security vulnerabilities. The importance of comprehensive cybersecurity in automotive cannot be overstated.
In automotive, cybersecurity is still in its infancy
The core competencies of OEMs cover the design, development, and production of components. Cybersecurity is not a core competence, meaning they lack the technical expertise required to implement effective cybersecurity measures. This leads to outsourcing, with OEMs often meeting only the most basic cybersecurity requirements to save on cost.
With the UN Economic Commission for Europe (UNECE) Regulation 155 coming into force in July 2022, the development of the ISO/SAE 21434 standard, and countries from the US to China adopting local regulations and oversight, there is a real requirement for manufacturers to get up to speed on cybersecurity, and to do so quickly.
Leaders and challengers
Below we list some of the leaders and challengers in cybersecurity across the automotive ecosystem.
OEMs
Leaders: BMW, General Motors, Hyundai, Mercedes-Benz.
Challengers: Kia, Lexus, Mahindra & Mahindra, Subaru, Suzuki.
Suppliers
Leaders: Aptiv, Continental, Denso, Infineon, Johnson Controls, Valeo.
Challengers: Aisin, Bosch, Faurecia, Mahle, Veoneer, ZF.
Specialist vendors and service providers
Leaders: Argus Cyber Security, Cybellum, Horiba Mira, Karamba, Majenta Solutions, Upstream Security, WISeKey.
Key Highlights
- The cybersecurity vulnerabilities specific to the auto industry are numerous. Hackers could compromise the safety and advanced driver assistance systems (ADAS) of a vehicle in use or, worse, manipulate any autonomous functionality to directly cause a crash. Bad actors could also access vehicle occupants’ private information such as current location, previous GPS destinations, or smartphone contacts. As automakers increasingly rely on over-the-air (OTA) updates to remotely add or upgrade vehicle features, cybersecurity efforts will be needed to ensure these methods are insulated from threat actors.
- At a higher level, automotive companies are also at risk of industrial cybercrime, such as the theft of valuable tech secrets or damage to their digital infrastructure. Insurance firm Munich Re expects global cybercrime damage across all industries to reach $10.5 trillion by 2025 compared to $6 trillion in 2021. The risk of cybercrime in the automotive industry continues to grow as vehicles become more connected and introduce more digital functions. Cybercrime already poses a significant threat to automotive players, with the well-known case of the Landwind X7 copying the design of the Range Rover Evoque being a prime example.
- Ransomware attacks impacted Honda, Volkswagen (VW), Peugeot, and Kia across 2020 and 2021, with other OEMs suffering data breaches. Many of the largest OEMs are still woefully unprepared, as demonstrated by a 2021 CyberAware survey of the 14 OEMs responsible for $1.1 trillion in car industry revenue annually. CyberAware identified over 800,000 unprotected documents hosted on exposed servers, clouds, and databases, with 215,000 employees having exposed or compromised credentials. The exposed information included commercial details, email exchanges, contracts, invoices, and technical data.
Scope
- The detailed value chain comprises 14 segments, ranging from chip-based security to identity management, network, endpoint, cloud, and application security, and services such as managed security, post-breach response, and risk and compliance. Leading and challenging vendors are identified across all 14 segments.
- Challenges the automotive sector is currently facing are outlined, and the ways they impact cybersecurity are addressed.
- Details of specific use cases of cybersecurity in the automotive sector are given,
- Forecasts are given for cybersecurity revenues to 2025 split by software, services, and hardware. Comprehensive industry analysis is also provided, looking at patent, company filing, hiring, and social media trends related to cybersecurity in the automotive sector.
- It contains details of global M&A deals driven by the cybersecurity theme, and a timeline highlighting milestones in the development of cybersecurity.
Reasons to Buy
- Understand the impact cybersecurity is having in the automotive space. Identify the emerging trends in the theme and how these developments might advance in the future. Learn about the different use cases and where they are emerging. View market and forecast data for the sector.
- Source the leading vendors for cybersecurity in the automotive industry from our winners lists and shortlist potential partners based on their areas of expertise.
- Quickly identify attractive investment targets by understanding which companies are most advanced in the themes that will determine future success in the automotive industry.
- The publisher's thematic research ecosystem is a single, integrated global research platform that provides an easy-to-use framework for tracking all themes across all companies in all sectors. It has a proven track record of identifying the important themes early, enabling companies to make the right investments ahead of the competition, and secure that all-important competitive advantage.
Table of Contents
- Executive Summary
- Cybersecurity Value Chain
- Automotive Challenges
- The Impact of Cybersecurity on Automotive
- Case Studies
- Data Analysis
- Companies
- Sector Scorecards
- Glossary
- Further Reading
- Our Thematic Research Methodology
- About the Publisher
- Contact the Publisher
List of Tables
- Automotive challenges
- Mergers and acquisitions
- Chief information security officers (CISOs)
- Leading cybersecurity adopters in automotive
- Leading cybersecurity vendors
- Specialist cybersecurity vendors in automotive
- Glossary
- Further Reading
List of Figures
- Key players in the cybersecurity value chain
- Cybersecurity value chain: overview, chip-based security, identity management, network security, endpoint security, threat detection and response, cloud security, data security, email security, application security, unified threat management, vulnerability management, managed security services, post-breach response services, risk and compliance services
- Results from Thematic Research: Thematic Sentiment Analysis Q1 2022
- Introduction of UNECE Regulation 155 by national type approval authorities
- Thematic impact assessment
- Horiba Mira’s Assured CAV Parking area
- Rhebo Industrial Protector monitoring an OT system
- Karamba Security’s XGuard in action
- Market size and growth forecasts, market size breakdown by key products and services
- Cybersecurity-related patents in automotive: overview, breakdown by company and geography
- Mentions of cybersecurity in automotive company filings: overview, breakdown by top companies, comparison to other themes
- Cyebrsecurity-related jobs in automotive: overview, breakdown by company, breakdown by seniority
- Social media posts about cybersecurity in automotive
- Cybersecurity timeline
- Future mobility sector scorecards: company screen, thematic screen, valuation screen, risk screen
- Parts and tires sector scorecards: company screen, thematic screen, valuation screen, risk screen
- Vehicle manufacturing sector scorecards: company screen, thematic screen, valuation screen, risk screen
Companies Mentioned (Partial List)
A selection of companies mentioned in this report includes, but is not limited to:
- 1Password
- Accenture
- Airbus (Stormshield)
- Aisin
- Akamai
- Alert Logic
- Alibaba
- Alphabet (Google)
- Alphabet (Siemplify)
- Alphabet (Waymo)
- Amazon
- AMD
- Analog Devices
- AnyVision
- Appgate
- Apple
- Aptiv
- Aqua Security
- Arcon
- Argus Cyber Security
- AT&T
- Atos
- Attivo Networks
- Autocrypt
- Aware
- BAE Systems
- Baidu
- Barracuda
- Barracuda Networks
- BeyondTrust
- BioEnable
- BlackBerry
- BMC Helix
- BMW
- Bosch
- Broadcom
- BT
- C2A
- Cadence Design Systems
- Capgemini
- Cato
- Check Point Software
- Checkmarx
- China Telecom
- China Unicom
- CipherCloud
- Cisco
- Clear Secure
- Clearview
- Cloudcheckr
- Cloudera
- Cloudflare
- CloudPassage
- CMITech
- Code42
- Cognitec
- Cognizant
- Continental
- Contrast Security
- CrowdStrike
- Cybellum
- CyberArk
- Cyberbit
- Cybereason
- Cymotive
- Cynet
- D3 Security
- Darktrace
- Dashlane
- Delinea
- Dell Technologies
- Dellfer
- Denso
- Deutsche Telekom
- Duo Security
- DXC Technology
- ekey
- Equifax
- Ermetic
- Exabeam
- Excelfore
- Expanse
- Extreme
- EY
- Eyelock
- F5 Networks
- Faurecia
- Forcepoint
- Ford
- Forescout
- ForgeRock
- Fortinet
- Foxpass
- Fugue
- Fujitsu
- General Motors
- GitLab
- Green Hills
- GuardKnox
- HCL Technologies
- Helpsystems
- Herjavec Group
- HID Global
- Hitachi
- Honda
- Horiba Mira
- Horizon Robotics
- HPE
- Huawei
- Hyundai
- IBM
- IBM (Red Hat)
- Idemia
- IDnow
- iFlytek
- Illumio
- Ilumio
- Impulse
- Infineon
- Informatica
- Infosys
- Innovatrics
- Intel
- Invicti
- iProov
- Iris ID
- IriusRisk
- Ironscales
- Ivanti
- Ivanti (MobileIron)
- Jaguar Land Rover
- Johnson Controls
- Juniper Networks
- Kairos
- Karamba
- Keen Lab
- Keysight
- Kia
- KnowBe4
- KPMG
- KT
- Lacework
- LastPass
- Lexus
- Lockheed Martin
- LogMeIn
- LogMeOnce
- Logrhythm
- Lookout
- Lumen Technologies
- Mahindra & Mahindra
- Mahle
- Majenta Solutions
- ManageEngine
- Marvell
- Megvii
- Mentor Graphics
- Mercedes-Benz
- Micro Focus
- Micron Semiconductor
- Microsoft
- Mimecast
- Mitsubishi
- NCC
- Ndias
- Netskope
- Nissan
- Nokia
- NordPass
- Northrop Grumman
- NTT Data
- Nvidia
- NXP
- NXP Semiconductors
- NXT-ID
- Okta
- Okta
- Onapsis
- One Identity
- OneLogIn
- OneSpan
- OneTrust
- Oracle
- Orange
- Orca Security
- Palantir
- Palo Alto Networks
- Panasonic
- Perimeter 81
- Ping Identity
- Portnox
- Proofpoint
- PwC
- Qualys
- Rapid7
- Raytheon BBN
- Raytheon Technologies
- Red Hat
- RedSeal
- Renesas
- Resolver
- Rhebo
- RSA
- Ruckus
- SAIC
- SailPoint Technologies
- Samsung Electronics
- SecureAuth
- SecureOne
- SecureThings
- Secureworks
- Securonix
- SenseTime
- SentinelOne
- Singtel (Trustwave)
- Skybox Security
- Skyhigh Security
- Snyk
- Softbank (Arm)
- SonicWall
- Sophos
- Splunk
- STMicroelectronics
- Subaru
- Sumo Logic
- Suzuki
- Swimlane
- Synopsys
- Tanium
- Tata Consultancy Services
- Tech Mahindra
- Tech5
- Telefónica
- Telstra
- Tenable
- Tesla
- Tessian
- Thales
- ThreatConnect
- Threatmetrix
- Threatmodeler
- TitanHQ
- Toyota
- Trellix
- Trellix
- Trend Micro
- TrueFace.AI
- Untangle
- Upstream Security
- Valeo
- Vector
- Veoneer
- Veracode
- Verizon
- Versa
- VMware
- VMware
- Vodafone
- Volkswagen
- WatchGuard
- WhiteHat Security
- Wipro
- WISeKey
- Yubico
- ZF
- Zscaler
