Survey: 8 In 10 consumers would be wary of automaker that had been hacked

(July 26, 2016) NEW YORK — Automakers are investing heavily in autonomous and connected-car technology, increasing potential for cyber-attacks against vehicles.  However, failure to prevent a vehicle hack could be devastating to their brands and the bottom line with 82% of consumer respondents saying they would be wary or never buy from an automaker if they had been hacked, according to the 2016 KPMG Consumer Loss Barometer study.

In the KPMG survey of 449 car-owning consumers, 70% are concerned about the possibility of their car being hacked within the next 5 years.  Additionally, 79% indicated that if their vehicle was hacked it would have a negative impact of their perception of that automaker. The concern cuts across generational lines, with 83% of baby boomers and 74% of millennials, saying a hack would damage their view of that automaker.

"Cars and trucks have evolved into highly-complex computers on wheels, with increased connectivity that presents some real and important cyber security risks, the most significant of which is safety," said Gary Silberg, KPMG's automotive sector leader. 

"Unlike most consumer products, a vehicle breach can be life-threatening, especially if the vehicle is driving at highway speeds and a hacker gains control of the car. That is a very scary, but possible scenario, and it's easy to see why consumers are so sensitive about cyber security as it relates to their cars."

In conjunction with the consumer survey, KPMG conducted a survey of 100 automotive senior cyber security executives distributed evenly between chief information officer (CIO – 25%), chief information security officer (25%), chief security officer (25%), and chief technology officer (CTO - 25%).  KPMG found that 68% of automotive cyber execs said they haven't invested capital funds in information security in the past year — despite the fact that 85% admit their organizations have been breached in the past 2 years.  Additionally, 55 % said there is not someone at their company whose sole responsibility is information security.

"Automakers are playing catchup when it comes to cyber security," said Silberg. "But the threat is real, and the implications of a vehicle breach could be catastrophic for consumers and the automakers alike. Car companies need to take action now and make cyber security a strategic imperative to ensure they are doing everything possible to protect the drivers of their vehicles."

Silberg adds, "Due to the potentially enormous damage to their brands and their sales, addressing cyber security concerns is a critical priority for automakers, and one they cannot afford to get wrong."

Additional findings:

    • In the event of a hack, 41% of consumers said their number one fear would be someone else taking control of the car, followed by 25% who indicated financial information being stolen

    • 46% of respondents said the owner or driver of the car should be the guardian of consumer and vehicle data

    • 47% said the software and technology company whose products are in the car should be responsible for the security of ones connected car information