Much of that maturity, both said, could come from a shift in two areas: perception and development.
The shift in perception, they said, is to move from thinking that security testing is simply an expense with no payback to realizing that it is an investment that will pay dividends with better functioning of components and far less risk to owners—risks that could result in brand damage, expensive recalls and perhaps even more expensive liability.
The shift in development would be what the security industry calls a “shift left”—to make security testing part of product development from the beginning and throughout the development life cycle, not just at the end.
Testing is an expense, Clark acknowledged. “But it is clear that effective testing is happening far too late. For the majority, testing is post product release, which can lead to a 6x–14x increase in cost.
“If we start to shift left—moving that testing earlier and earlier—we start to see a reduction in cost. Eventually it gets to where cybersecurity is just one of the standard processes, like safety testing for a vehicle. The time and expense will pay off,” he said.
And in spite of a significant list of weaknesses that need major improvement, Clark said auto manufacturers shouldn’t be upset about it. “They should look at this as a growth opportunity versus a threat to their industry,” he said.