Cybellum and the Automotive Security Research Group (ASRG) Survey finds that the automotive industry isn’t ready for upcoming cybersecurity regulations

Top 50 Global OEMs and Tier-1-2 automotive suppliers were surveyed to assess their preparedness against vulnerabilities and threats

TEL AVIV, Israel, Sept. 8, 2021 /PRNewswire/ — Cybellum, a leader in product security lifecycle management, and the Automotive Security Research Group (ASRG) released a report today outlining the results of a joint survey conducted among top global OEMs and Tier-1-2 suppliers to assess how the automotive industry currently handles vulnerability management.

“With UNECE WP.29 R155 enforcement fast approaching in Japan, South Korea and the EU, and ISO/SAE 21434 just officially released, it is concerning to find that about 30% of respondents have not started preparing for these new cybersecurity requirements and only 6% are fully prepared,” said John Heldreth, founder of ASRG. “As of 2022, automotive cybersecurity will no longer be a best-practice, but rather mandated and enforced – the industry must shift gears and ready itself for this new era.”

According to the report, automotive players are not ready for the upcoming regulation and are lagging behind the IT security practices in their organizations. Some of the key findings include:

  • 63% of respondents haven’t automated any aspect of their vulnerability management process
  • 65% consider timely assessment of new vulnerabilities to be a growing challenge
  • 43% note manual processes as the reason behind lengthy security assessments while 42% cite lack of coordination along the supply chain as a hurdle for timely assessments
  • 74% prioritize vulnerability management solutions that automate post-production continuous monitoring
  • Only 6% are fully ready for the upcoming UNECE WP.29 R155 regulation

“The continued rise in automotive cyber risk and regulatory requirements developed in response require that the automotive industry – one whose core operations haven’t changed much over the last few decades – rethink its approach to vulnerability management,” noted Slava Bronfman, CEO of Cybellum. “Manual processes deemed sufficient in the past will not be good enough. The survey shows this is a major concern of OEMs and their suppliers – Automation of product security assessments and post-production security operations is needed to scale vulnerability management in light of new challenges.”

The Cybellum/ASRG report covers a wide range of issues relevant to automotive cybersecurity and vulnerability management, ranging from current levels of preparedness for the regulations, to average time to fix vulnerabilities, all the way to vulnerability management use cases.

A full copy of the free report is available for download via the Cybellum website.

About ASRG

The Automotive Security Research Group (ASRG) is a non-profit organization focused on the advancement of the automotive security industry. Through knowledge, networking and collaboration, we enable the worldwide community of more than 8000 members in 44 locations to create more secure products by building competencies in automotive security. To get more involved, make an impact on the industry, participate in a technical committee, or become part of a project, please reach out to us. You can find out more about ASRG at, or send us an email at

About Cybellum

Cybellum empowers automotive OEMs and suppliers to identify and remediate security risks at scale, throughout the entire vehicle life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate actions to eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting vehicles on the road. Read more at or follow us on LinkedIn.
