Securing the future of mobility

Addressing cyber risk in self-driving cars and beyond

By Greg Boehmer and Leon Nash

Climbing into a car has long been among the riskier things that people do—famously, the least safe part of an airplane trip is the drive to the airport.1 So it’s likely no surprise that self-driving cars’ safety is one of their most often cited benefits. Indeed, many expect the emerging mobility ecosystem,2 with increasing shared access to transportation as well as autonomous technology, to all but eradicate routine accidents.

But as the future of mobility offers potential growth and new sources of value creation, it presents new types of risk. The very innovations that aim to enhance the way we move from place to place entail first-order cybersecurity challenges. And the dangers that promptly come to mind—such as hacked autonomous vehicles crashing3—only begin to scratch the surface; indeed, they may not even represent the most likely or high-stakes threats.

After a century of addressing mainly problems with engineering, automakers are facing a new set of challenges. Other industries are also dealing with cybersecurity issues, and players in the mobility ecosystem can look to similar solutions, although the specific implementation of those solutions would need to be carefully shaped to fit the auto industry’s unique needs.

What steps companies take also likely depend on which ecosystem roles they intend to play. In The future of mobility, we envisioned four co-existing future states of mobility: some quite similar to today’s landscape and others that posit more ambitious vehicle sharing and autonomous driving possibilities (see figure 1).4 In general, as more vehicle functions become connected and automated, the scope of the risks increase. And as more and more users access a single vehicle as part of ride- or carsharing services, the scale of the potential risks grows, too.

Figure 1: Cyber risk in the future of mobility


Source 1: Deloitte analysis.

The path forward should incorporate a comprehensive approach to cybersecurity that makes connected vehicles and the associated ecosystems secure, vigilant, and resilient.

This likely involves a radical change to how organizations address cybersecurity:

Secure. Establish risk-focused controls around the most sensitive assets, balancing the need to reduce risk, while also enabling productivity, business growth, and cost optimization.

Vigilant. Develop monitoring solutions focused on critical business processes. By integrating threat data, IT data, and business data, companies can equip themselves with context-rich alerts to help prioritize incident handling and streamline incident investigation.

Resilient. Rapidly adapt and respond to internal or external changes—opportunities, demands, disruptions, or threats—and continue operations with limited impact to the business.

Cyber risk poses perhaps the greatest threat to the future of mobility, and data governance, privacy, and protection will likely be of paramount importance as individuals and organizations move to make it a reality. Just as collision warning systems and anti-lock brakes haven’t eliminated all road mishaps, a world of shared and autonomous vehicles can never be risk-free. A key challenge for players in the mobility ecosystem lies in making the degree of risk acceptable to both consumers and regulators. As automakers, technology companies, governments, and others place bets on how and when the future of mobility may unfold, those moves could be for naught without a broad understanding of the myriad cyber threats likely to emerge—and a concrete plan to address them.

To read our full report on cybersecurity and the future of mobility, visit https://dupress.deloitte.com/dup-us-en/focus/future-of-mobility/cybersecurity-challenges-connected-car-security.html.


1Aurelio Locsin, “Is air travel safer than car travel?,” USA Today, http://traveltips.usatoday.com/air-travel-safer-car-travel-1581.html.
2See Scott Corwin, Nick Jameson, Derek M. Pankratz, and Philipp Willigmann, The future of mobility: What’s next?, Deloitte University Press, September 14, 2016, http://dupress.deloitte.com/dup-us-en/focus/future-of-mobility/roadmap-for-future-of-urban-mobility.html; and Scott Corwin, Joe Vitale, Eamonn Kelly, and Elizabeth Cathles, The future of mobility, Deloitte University Press, September 24, 2015, http://dupress.com/articles/future-of-mobility-transportation-technology/.
3Lorenzo Franceschi-Bicchierai, “Car hacking looks much cooler in ‘Fate of the Furious’ than it does IRL,” Motherboard, March 9, 2017, https://motherboard.vice.com/en_us/article/fast-and-furious-8s-car-hacking-might-be-the-most-credible-stunt-in-the-movie.
4Corwin, et al., The future of mobility.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s