Data runs the world. Estimates suggest 97 zettabytes will be created in 2022 alone; equivalent to 97 billion TBs. But while corporate IT bosses and regulators are waking up to the reality of the cyber risks this poses, few consider the connected car to be a potential driver of data security threats. They are wrong to do so. In fact, data is being produced by increasingly tech-centric vehicles at a prodigious rate, raising concerns about where it is being shared – and how securely.
A data explosion
The connected car market is starting to accelerate. It’s predicted to hit nearly $192bn in value by 2028, at a CAGR of 18%. Even non-electric vehicles (EVs) now boast a vast collection of microchips, controlling everything from the in-car entertainment system and heating to vital functions such as braking and collision avoidance. The pandemic-era chip shortage reportedly cost car manufacturers (OEMs) tens of billions of dollars, highlighting the critical role they play in vehicles today.
Yet with more computing power comes more data, and lots of it. Today’s cars are more akin to a computer on wheels – or more accurately, multiple computers. Intelligent sensors located all around the vehicle collect data – on temperature, oil levels, speed, location, etc. – and feed it back to the manufacturers’ servers, as well as to a centralized “vehicle data hub.”
Both present potential privacy risks, according to one report out this year. It claims that vehicle hubs collect data from all over the car – including connected smartphones – and offer it to third-party customers to help them build products and derive insights. These organizations range from insurance companies and city planners to advertisers, the report notes. It is a vehicle data industry which could apparently be worth as much as $800bn by 2030.
What are the risks?
The risk of all of this activity is that if the data isn’t properly aggregated or anonymized it could be combined by third parties to build fairly detailed profiles of drivers, their movements and even their vital signs. Some cars offer heart-rate monitoring via the driver’s seat, for example. A more immediate risk is the OEMs themselves, which have access to a huge volume of data points on drivers and vehicles, and so could theoretically represent a possible target for data thieves.
Vehicle industry players operating in the EU would need to comply with the GDPR on this, and those in California with the CCPA. That should make strong data encryption a must in order to prevent it getting into the wrong hands.
As vehicles continue to evolve and add features designed to appeal to commuters, the risk of sensitive corporate data loss will only grow. The industry is starting to wake-up to the importance of connected car privacy. As it does so, data-centric security will put OEMs and other corporate stakeholders in the driving seat.