EEJournal

industry news
Subscribe Now
September 9, 2021

Cybellum and the Automotive Security Research Group (ASRG) Survey finds that the automotive industry isn’t ready for upcoming cybersecurity regulations

Top 50 Global OEMs and Tier-1-2 automotive suppliers were surveyed to assess their preparedness against vulnerabilities and threats

TEL AVIV, Israel, Sept. 8, 2021 /PRNewswire/ — Cybellum, a leader in product security lifecycle management and The Automotive Security Research Group (ASRG) released a report today outlining the results of a joint survey conducted amongst top global OEMs and Tier-1-2 suppliers, to assess how the automotive industry currently handles vulnerability management.

“With UNECE WP.29 R155 enforcement fast approaching in Japan, South Korea and the EU, and ISO/SAE 21434 just officially released, it is concerning to find that about 30% of respondents have not started preparing for these new cybersecurity requirements and only 6% are fully prepared,” said John Heldreth, founder of ASRG. “As of 2022, automotive cybersecurity will no longer be a best-practice, but rather mandated and enforced – the industry must shift gears and ready itself for this new era.”

According to the report, automotive players are not ready for the upcoming regulation and are lagging behind IT security practices in their organization. Some of the key findings include:

  • 63% of respondents haven’t automated any aspect of their vulnerability management process
  • 65% consider timely assessment of new vulnerabilities to be a growing challenge
  • 43% note manual processes as the reason behind lengthy security assessments while 42% cite lack of coordination along the supply chain as a hurdle for timely assessments
  • 74% prioritize vulnerability management solutions that automate post-production continuous monitoring
  • Only 6% are fully ready for the upcoming UNECE WP.29 R155 regulation

“The continued rise in automotive cyber risk and regulatory requirements developed in response require that the automotive industry – one whose core operations haven’t changed much over the last few decades – rethink its approach to vulnerability management,” noted Slava Bronfman, CEO of Cybellum. “Manual processes deemed sufficient in the past will not be good enough. The survey shows this is a major concern of OEMs and their suppliers – Automation of product security assessments and post-production security operations is needed to scale vulnerability management in light of new challenges.”

The Cybellum/ASRG report covers a wide range of issues relevant to automotive cybersecurity and vulnerability management ranging from current levels of preparedness for the regulations to average time to fix vulnerabilities all the way to vulnerability management use cases.

A full copy of the free report is available for download via the Cybellum website – here.

About ASRG

The Automotive Security Research Group (ASRG) is a non-profit organization focused on the advancement of the automotive security industry. Through knowledge, networking and collaboration, we enable the worldwide community of more than 8000 members in 44 locations to create more secure products by building competencies in automotive security. To get more involved, make an impact on the industry, participate in a technical committee, or become part of a project, please reach out to us. You can find out more about ASRG at www.asrg.io, or send us an email at hello@asrg.io.

About Cybellum

Cybellum empowers automotive OEMs and suppliers to identify and remediate security risks at scale, throughout the entire vehicle life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate actions to eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting vehicles on the road. Read more at automotive.cybellum.com or follow us on LinkedIn.

Leave a Reply

featured blogs
Sci-Fi and Fantasy Books They Should Make into Movies
May 6, 2026
Hollywood has struck gold with The Lord of the Rings and Dune'”so which sci-fi and fantasy books should filmmakers tackle next?...
More from Max's Cool Beans...

featured paper

Want early design analysis without simulation?

Sponsored by Siemens Digital Industries Software

Traditional verification methods are failing today's complex IC designs, which require a proactive, early-stage analysis approach. A shift-left methodology addresses IP block integration challenges and the limitations of traditional simulation and ERC tools. Insight Analyzer detects hard-to-find leakage issues across power domains, enabling early analysis without full simulation. Identify inefficiencies earlier to reduce rework, improve reliability, and enhance power performance.

Click to read more!

featured chalk talk

Designing Scalable IoT Mesh Networks with Digi XBee® for Wi-SUN
Sponsored by Mouser Electronics and Digi and Silicon Labs
In this episode of Chalk Talk, Quinn Jones from Digi, Chad Steider from Silicon Labs and Amelia Dalton explore how Wi-SUN Micro-Mesh can reduce cost and simplify deployment for your next IoT mesh network. They also investigate the benefits that Digi XBee solutions bring to these types of networks and how you can jump start your next IoT mesh network design with Silicon Labs and Digi.
Click here for more information about Digi XBee® Wi-SUN® Modules
May 4, 2026
21,100 views