Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 1)

RIC VICARI

VP EMEA

May 10, 2022

This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP EMEA.

Part 1: From Car Cos to Tech Cos

Similar to major players in telecoms, insurance, medical, etc., automotive OEM executives are looking at the stock valuation of Alphabet, Apple and Microsoft, and studying ways to achieve similar results through the transformation from a “Car Co.” into a “Tech Co”.

This is apparent to any shareholder who has heard about a company’s new revenue opportunities being offered via emerging software-based and data-driven services. As predicted by McKinsey and other analysts, the industry will see a 70/30 revenue split between vehicle sales and new services by 2030.

With revenue for the industry in the hundreds of billions of dollars, this potential to add a technology-based revenue of 30% without needing to produce more physical goods is a worthwhile endeavour.

However, the introduction of software-defined vehicles comes with its own complexity due to the 100 million lines of code present in each modern high-end vehicle. This much code earns such vehicles the prize of being some of the most complex software systems around, second only to Google when considering their full suite of services.

Automotive cybersecurity is the prerequisite for modern connected vehicles

The combination of software and internet connectivity represents a vulnerability to potential cyber attacks. Therefore, the safe launch and running of connected and software-defined vehicle services depend heavily on the deployment of a data-driven cybersecurity program.

It is not an exaggeration to state that the role of the cybersecurity community today is not just to protect individual assets from potential cybersecurity attacks, but rather to protect those new strategic revenue streams that will help the transformation of OEMs from “Car Co’s” to “Tech Co’s”.

Positive ROI from vehicle cybersecurity investments

Understanding the capabilities of the data collected by cybersecurity teams pivots the traditional view of cybersecurity from an expense to an investment.

A recent paper from Porsche Consulting even states that cybersecurity is not a box to check for upcoming regulations but a matter of competitive advantage. Yet, it has taken a new set of regulations to create a sense of urgency around this topic, with some OEMs making significant upfront investments, whilst other OEMs have chosen to implement a phased approach in the next three years.

In light of increasing volumes of cyber attacks, as regularly reported by Upstream’s threat intelligence analysts, it’s hard to understand why OEMs would choose to delay the implementation of state of the art cybersecurity monitor-detect-respond solutions and vehicle security operation centres (or VSOCs). Hackers in the field do not differentiate between OEMs who are moving quickly and those who take their time. Our deep and dark web automotive analysts have seen hackers colluding to discover weaknesses and vulnerabilities anywhere they can.

What OEMs must consider is not whether or not they should have an immediate comprehensive cybersecurity operation in place but rather how to do it and what is the path of least resistance in achieving their cybersecurity and data management goals.

In-house SIEM vs. automotive cloud cybersecurity solution

Whether to build or buy is a pivotal decision that all OEMs must make when looking to comply with standards and regulations, as well as begin utilising vehicle data.

While an in-house SIEM-based solution may be a top choice for experienced IT specialists, it falls short of meeting the unique in-field demands of modern connected vehicles.

To address this challenge, leading OEMs have looked to Upstream’s cloud-based cybersecurity and data management platform to obtain regulatory compliance, rapid time-to-market, accurate data collection and anomaly detection, and utilise their domain expertise to achieve the required scalability.

To dive deeper into what your data is capable of, book a demo or explore the latest white paper, Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre.

Newsletter Icon

The 2025 Global Automotive & Smart Mobility Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Proactive Quality, Powered by AI: A New Era for Automotive Manufacturing

As global markets tighten and margins shrink, the automotive industry finds itself at a crossroads: how do we balance innovation with efficiency? Nowhere is this…

Read more

Beyond CVEs: Why Automotive Cyber Threat Intelligence Must Cast a Wider Net

The recent volatility of CVE funding is a wake-up call for the automotive industry to rethink its risk and threat intelligence strategy. In the world…

Read more

Agentic AI in Action – How Service-as-a-Software Is Reinventing Automotive Cybersecurity Operations

In my previous post, I explored the paradigm shift brought on by service-as-a-software and agentic AI – and what it means for the future of…

Read more

From Services to Software – What the Agentic AI Economy Means for Automotive Cybersecurity

We are at the dawn of a new era in software and service delivery – one where the traditional boundaries between human expertise and digital…

Read more
Skip to content