Last week, we looked at how crucial security is for the connected car industry, given the risks involved. We also examined whether complete security is, in fact, an achievable goal. In today’s follow-up post, we’ll take a square look at how why cyber security for connected cars is such a complex challenge, as well as what we can do to achieve it at every point along the supply chain.
A complex task
"Automotive cyber security is so complex because of the multitude of suppliers involved in the supply chain," said journalist Susan Kuchinskas in a report released in association with the TU-Automotive Cybersecurity and TU-Automotive Detroit 2018 conferences. "That makes it quite difficult for any entity along the chain to understand how secure a component is."
Coding errors in the car's software could be exploited
The factory floor where hardware and software are installed could be compromised
Connected cars could be hacked on their way to the dealership
At the dealership, further vulnerabilities could crop up when software is installed or updated
After cars are sold and deployed, their two-way communications (WiFi, cellular, V2V, V2X, and over-the-air updates) could be attacked
The data that the cars produce and transmit to OEMs for storage could be breached
How to respond
Given the scope of the challenge, it's good news that auto makers, startups, and tier-one companies have been working together to secure connected cars. There are two keys: redundancy and monitoring.
Redundancy is a major part of any best-practice security effort. It's called defense in depth security, and the idea is, with many overlapping layers of protection, the odds against exploitation are stacked as high as possible.
As for monitoring, that too is par for the course in cyber security at large. Every year, the Verizon RISK team releases a national Data Breach Investigation Report. When asked how they get their information, they've historically said they learn about breaches the same way anyone else does: by reading the logs.
While no one can guarantee complete invulnerability for connected cars, the automotive industry can employ a multi-layered approach to security that demonstrates best practices at every level, from governance, to risk management, to design. It can prioritize threat detection and incident response. It can implement training and awareness for all parties along the chain, from tier one company to consumer, treating security as an iterative process that's never complete. And it can collaborate with third-parties to hone its security strategy at every level.
We're glad to note that cyber security is already high on the priority list for OEMs, automakers, and software vendors. It's rising in priority for consumers, too, as people become aware not only of the benefits, but of the risks that connected cars bring.
Can your policy administration system easily adapt to emerging risks? Silvervine can. Request a demo to learn more.
The FedNat Insured Web is a great tool for our insureds!
They like having a centralized location to view policy info, make payments, upload policy documents, and elect to become paperless to receive a discount.
The insureds also can file a First Notice of Loss for a claim and access exiting claim info. Silvervine recently enhanced the site which allows insureds to upload policy documents directly to their policy. The uploaded docs go directly into our workflows and save a lot of manual effort on our part.
From my visits with agents, the agents appreciate the app for the amount of time saved on having to download and attach photos directly to the policy.
The app can also reduce the amount of staff required for a busy office to fulfill underwriting requests for photos.
When training agents they are amazed at how quickly the photos attach directly to the policy. After taking photos using the app and before they make it back to their desk, the photo is already attached to the policy. They also like the ability to attach additional photos for pre-existing damage.
Customer Service is seeing an improvement with retention as the text message definitely triggers phone calls from insureds to make payments.
The insureds love the fact that we notify them on their phones because they state that sometimes they don’t receive their mail for various reasons.
The insureds are paying more attention to the texts then to their actual mail. We try to set all of our customers up on that option if we notice that they are not currently enrolled, as it builds great customer relations as well as retention.
As a company we have adopted the use of Policy Scan for all our policies, and our agents have adopted the use of the app as well.
Not only is it easy to use, there is also no more worrying about losing photos, having to store photos or photos being attached to the wrong policy.
With Policy Scan we have increased efficiency in our workflow and reduced our exposure on the risk.
Silvervine’s core administration solutions easily handles multiple carriers within multiple states, including accounting, payment processing, immediate policy issuance and endorsements.
What started out writing one product, one line in one state has now grown into mulitple products, multiple lines and writing in multiple states. We have over $95 million in annualized premium in-force and we expect to grow by 20% during the next year all serviced by Silvervine.
Silvervine was our insurance software system of choice when we started the company in 2006. Silvervine enabled us to begin business within a few months of licensing the company. Today, we are one of the top 20 homeowner’s writers in Texas and SIlvervine’s solutions have been an integral part of our success.