Feb 17, 2021 SOURCE: PR NewsWire

Cyber is more than an IT issue in the automotive industry, new report finds

APMA's Institute for Automotive Cybersecurity and KPMG in Canada help suppliers close cybersecurity gaps

TORONTO, Feb. 17, 2021 /CNW/ - At a time when the automotive industry is increasingly focused on connected cars and information services, less than half (42 per cent) of Canadian auto parts manufacturers recognize how today's vehicles are potential hotbeds for cybersecurity threats, finds a new report by the Automotive Parts Manufacturers' Association's (APMA) Institute of Automotive Cybersecurity (apmaIAC) and KPMG in Canada.

The joint apmaIAC / KPMG Canadian automotive cyber preparedness report finds that many auto parts suppliers have yet to embrace the elements of security, privacy, and cyber safety in their operations because they feel their individual product offering is not technologically advanced. Yet, today's vehicles are micro-communities in themselves with vehicle-to-everything technology. And, cyber threats also extend to the manufacturers themselves and they need to guard all parts of their operations including supply chain systems, the hardware and software facilitating manufacturing equipment, robotics, customer channels, and back-office operations from attacks.

"Cyber has many faces in today's automotive industry and pose significant risks if left unchecked," says Flavio Volpe, president, APMA. "The reality is that now, more than at any other time in manufacturing, companies must safeguard their products, operations, and systems no matter the type of components, parts, systems, and assemblies they produce."

The report notes automobile original equipment manufacturers (OEMs) and their suppliers in Canada need to prepare for several domestic and international vehicle cybersecurity-related regulations - from Transport Canada's Vehicle Cyber Guidance to the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations. The U.N. regulation, for example, will require companies to document how they will prevent specific kinds of incidents, report information on cyberattacks and inform authorities at least once a year on whether their cybersecurity measures have been effective.

As well, the forthcoming IS021434 Road Vehicles Cybersecurity Engineering standard has set cybersecurity risk management requirements for road vehicle systems, components, and interfaces throughout all stages of their development from engineering, production, operation and maintenance to decommissioning, according to the report.

OEMs reported they are holding suppliers at every tier more responsible for protecting their contributions to the supply chain, underscoring the urgency to shift the mindset on cybersecurity.

"Building a cyber secure culture means keeping security awareness top of mind for all individuals in the organization - not just IT," says KPMG's John Heaton, partner, cybersecurity services. "Every company - no matter the product - has cyber 'digital crown jewels' that must be secured. Companies at every link in the supply chain must identify and protect these and ensure the partners they share data with are taking the same steps."

Closing the cybersecurity gap

The report highlights six key considerations to help the industry close its cybersecurity gaps and embed cyber governance throughout the organization:

    --  Embrace a new cyber culture: Everyone in the supply chain must take
        cybersecurity into consideration. It only takes one weak link to expose
        the entire chain.
    --  Identify your cyber leader: Every organization needs to identify a
        senior leader, who is accountable for cyber. They should not be an IT
        executive, but somebody senior, who is accountable for cyber across the
        enterprise and equipped with the skills and knowledge to do so
        effectively.
    --  Understand your crown jewels: You can't protect your operations
        effectively if you don't know what needs protecting.
    --  Look beyond IT: Your IP and operational technologies are your
        competitive edge. Failure to protect them from theft, damage, or leaks
        could mean losing your market position.
    --  Consider your lifecycle: Cybersecurity isn't all about the final
        product. Effective cyber governance covers the entire process, from
        design and engineering, to production and distribution, post-sale
        service and beyond. Each step comes with its own cyber considerations.
    --  Don't wait to lead: While there are many good examples of Canadian
        companies taking charge with cyber, the sector tends to wait on
        directions from their OEMs or customers to make a culture shift. It's
        important to take that lead now, both within your enterprise and among
        your supply chain, because anything that happens will inevitably impact
        you.

ABOUT APMA

The Automotive Parts Manufacturer's Association (APMA) is Canada's national association representing OEM producers of parts, equipment, tools, supplies, advanced technology, and services for the worldwide automotive industry. The Association was founded in 1952 and its members account for 90% of independent parts production in Canada. In 2018, automotive parts shipments were over $35 Billion, and the industry employment level was over 100,000 people. https://www.apma.ca

ABOUT APMA's INSTITUTE OF AUTOMOTIVE CYBERSECURITY

Automotive Parts Manufacturers' Association (APMA) of Canada and Vehiqilla Inc. launched the APMA Institute of Automotive Cybersecurity (apmaIAC). The institute will assist in providing guidance and best practices to Canadian automotive parts manufacturers, helping support the privacy/safety/security culture. The apmaIAC will focus on the following four areas: Governance, Assessments, Education and Technology. https://apmaiac.ca/

About KPMG in Canada

KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs nearly 8,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.

The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see home.kpmg/ca

SOURCE KPMG LLP

KPMG LLP

Related News

KPMG LLP Collaborates With Microsoft To Help Businesses Reopen

KPMG LLP and Coin Metrics, Inc. enter strategic alliance

KPMG LLP and Appian Launch Workplace Reentry Digital Toolkit

COVID-19 shaping venture capital investment in Canada: KPMG

KPMG Launches "Elevate" to Help Companies Enhance Performance, Realize Savings and Build New Capabilities

KPMG to Offer New COVID-19 Convalescent Plasma Donor Matching Solution

KPMG To Offer New Climate Accounting Capability To Help Clients Measure Greenhouse Gas Emissions

KPMG Survey: American Consumers Want More Control, Visibility Into How Companies Use Their Personal Data

View all News

Latest Procurements

Work Health and Safety Management System Software

The National Capital Authority are seeking a work health and safety management system (WHSMS) software package.

Industry Briefing April 2024 - Defence Estate Capital Works Program

On 17 April 2024, the 2024 National Defence Strategy and Integrated Investment Program was launched. Defence invites industry to attend a virtual briefing in relation to the Defence estate and...

Community Perceptions Survey

This Approach to Market (ATM) is for the provision of a supplier to manage the communication of the Community Perception Survey

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Elcome Integrated Systems Pvt. Ltd.

Aecom

JD Solution Co. Ltd.

View All Companies