Just under 40 percent of leading automotive companies believe that their information security processes are vulnerable to a serious security breach while even more think that their formal information security processes are inadequate.

These figures have emerged from the most recent automotive survey from business advisory firm KPMG. The survey questioned 95 automotive leaders from original equipment manufacturers and tier one and tier two suppliers across Europe and the USA.

While the survey does show that executives in the automotive industry are grasping the importance of information security, 38 percent of respondents claimed to feel susceptible to a serious security breach. In addition, many still view security as an issue which is solved with a technology fix, ignoring the human angle.

Commenting on the results, John Guy, Head of Industrial & Automotive Products at KPMG, said: “The results have highlighted progress in terms of automotive leaders grasping the importance of information security as well as showing up major gaps in their preparedness. While the progress is welcome, there is still a long road ahead until companies have comprehensive information security programs in place. They are vulnerable right now.”

According to Guy, two key areas of concern for automotive companies are the lack of security education and training for employees and regarding information security as simply a technology problem. On the second point, the KPMG survey found that 71 percent of the respondents view information security as a technology problem that can be handled by a technology solution. Only 25 percent view information security as a strategic business issue that requires an integrated organisational solution.

On a positive note, the survey found that automotive companies are rapidly hiring security professionals and increasing budgets. Sixty-seven percent of the respondents said their firms have hired a full-time information security specialist while 39 percent said they were increasing spending on information technology. In addition, 95 percent of the respondents reported that their firms had implemented an ongoing program of security education.

However, the KPMG survey found that non-management employees were significantly behind the upper ranks on being informed on information security matters. The survey also found automotive executives underestimating the source of threats. Thirty-four percent considered hackers their greatest threat and almost an equal number, 35 percent, felt that employees posed the greatest threat despite the fact that studies indicate that 80 percent of incidents involve insiders.

“Companies need to move aggressively in educating and informing employees as they are part of the problem and the solution. A security environment aimed primarily at preventing outsider intrusions is destined for failure,” Guy said.

In terms of e-business, 67 percent reported that their companies have a comprehensive e-business plan. Yet, when asked how adequately this plan addresses security, 56 percent said completely adequately with 38 percent saying somewhat adequately.

“This is disturbing,” said Guy. “Disasters such as the leakage of intellectual property, stoppage of business or damage to corporate reputation do have an impact on shareholder value. If companies are moving on e-business plans without adequate security measures, this is a recipe for disaster.”