Seven percent of those surveyed said their companies had suffered some kind of an electronic security breach in the last two years, while 85 percent said they had not. Another seven percent said they didn't know.
KPMG conducted the survey in August with 101 management and senior-level representatives from U.S. and European automakers and Tier 1 and Tier 2 suppliers. More than 70 percent of those surveyed by the consulting and accounting group said information security is an important strategic issue for their company. But 41 percent said they considered their companies' information security policies inadequate, and 38 percent said their companies are at least somewhat susceptible to a security breach.
Sixty-seven percent of those polled said their companies have a full-time information security specialist, and 56 percent said they have hired outside security consultants. Most - 95 percent of respondents - said their companies have ongoing security education programs.
Among the study's findings:
The study's author, Brian Ambrose, said one disconcerting finding was that non-management employees were generally out of the loop when it came to being educated about electronic security.
"Companies need to move aggressively in educating and informing employees," said Ambrose, national industry director of KPMG's industrial and automotive products practice. "Employees are part of the problem, and the solution. A security environment aimed primarily at preventing outsider intrusions is destined for failure."
Organizations must invest in security systems that will prevent, detect and respond to threats to information security, Ambrose says. Companies also need to increase their preparedness for security threats from inside.
"Disasters such as the leakage of intellectual property, stoppage of business execution, or damage to corporate reputation impact shareholder value," says. "If companies are moving on e-business plans without adequate security measures, this is a recipe for disaster."