Study: Execs say industry vulnerable to information leaks

Some Automakers and suppliers in the United States and Europe say they are vulnerable to electronic information leaks and sabotage despite expanding efforts to keep company data safe, a KPMG LLP study says.

Seven percent of those surveyed said their companies had suffered some kind of an electronic security breach in the last two years, while 85 percent said they had not. Another seven percent said they didn't know.

KPMG conducted the survey in August with 101 management and senior-level representatives from U.S. and European automakers and Tier 1 and Tier 2 suppliers. More than 70 percent of those surveyed by the consulting and accounting group said information security is an important strategic issue for their company. But 41 percent said they considered their companies' information security policies inadequate, and 38 percent said their companies are at least somewhat susceptible to a security breach.

Sixty-seven percent of those polled said their companies have a full-time information security specialist, and 56 percent said they have hired outside security consultants. Most - 95 percent of respondents - said their companies have ongoing security education programs.

Among the study's findings:

  • 71 percent of those polled said they consider information security a technology problem that can be solved with a technology solution; 25 percent consider it a strategic business issue that requires companywide efforts. KPMG said companywide security efforts make a company stronger.

  • 34 percent considered hackers their greatest security threat; 35 percent said employees pose the biggest risk. National studies by other organizations, including the FBI, have found that 80 percent of security leaks involve insiders, KPMG said.

  • 39 percent said they were increasing information technology spending; 45 percent said they were spending 20 to 40 percent of their information technology budgets on security.

    The study's author, Brian Ambrose, said one disconcerting finding was that non-management employees were generally out of the loop when it came to being educated about electronic security.

    "Companies need to move aggressively in educating and informing employees," said Ambrose, national industry director of KPMG's industrial and automotive products practice. "Employees are part of the problem, and the solution. A security environment aimed primarily at preventing outsider intrusions is destined for failure."

    Organizations must invest in security systems that will prevent, detect and respond to threats to information security, Ambrose says. Companies also need to increase their preparedness for security threats from inside.

    "Disasters such as the leakage of intellectual property, stoppage of business execution, or damage to corporate reputation impact shareholder value," says. "If companies are moving on e-business plans without adequate security measures, this is a recipe for disaster."

  • ATTENTION COMMENTERS: Automotive News has monitored a significant increase in the number of personal attacks and abusive comments on our site. We encourage our readers to voice their opinions and argue their points. We expect disagreement. We do not expect our readers to turn on each other. We will be aggressively deleting all comments that personally attack another poster, or an article author, even if the comment is otherwise a well-argued observation. If we see repeated behavior, we will ban the commenter. Please help us maintain a civil level of discourse.

    Email Newsletters
    • General newsletters
    • (Weekdays)
    • (Mondays)
    • (As needed)
    • Video newscasts
    • (Weekdays)
    • (Weekdays)
    • (Saturdays)
    • Special interest newsletters
    • (Thursdays)
    • (Tuesdays)
    • (Monthly)
    • (Monthly)
    • (Wednesdays)
    • (Bimonthly)
    • Special reports
    • (As needed)
    • (As needed)
    • Communication preferences
    • You can unsubscribe at any time through links in these emails. For more information, see our Privacy Policy.