IDEAS home Printed from https://ideas.repec.org/a/spr/envsyd/v44y2024i4d10.1007_s10669-024-09971-0.html
   My bibliography  Save this article

Exploring effective strategies against cyberattacks: the case of the automotive industry

Author

Listed:
  • Abraham Onipe Okomanyi

    (Enterprise Risk & Security, Cox Automotive, Inc.)

  • Audra R. Sherwood

    (Grand Canyon University)

  • Ekundayo Shittu

    (The George Washington University)

Abstract

Despite stringent regulatory scrutiny and increased cybersecurity spending, data breaches and cyberattacks have persisted, resulting in dire socioeconomic consequences. Particularly affected is the automotive industry, where original equipment manufacturers (OEMs) have implemented effective strategies against cyberattacks. Limiting the vulnerability of connected and autonomous vehicles to cyberattacks requires an expanded suite of strategies over and above technological safeguards. This study, guided by the National Institute of Standards and Technology cybersecurity framework, aimed to answer two questions: First, how do leaders of automotive OEMs describe and interpret the use of cybersecurity frameworks to prevent cyberattacks? Second, how does the perceived impact of potential cyberattacks influence the cybersecurity framework used by automotive OEM leaders? Using purposeful sampling, 20 automotive OEM leaders in the cybersecurity field responded to questionnaires and interviews to reveal three insights: (a) The automotive OEMs must reinforce bundled risk management frameworks because attackers will continue to exploit human vulnerabilities to gain access to secured systems, and this calls for reducing human vulnerabilities by understanding employee behaviors; (b) The leaders have to embrace open-threat intelligence through information sharing. Instructive for policy-making is the continued advocacy for threat intelligence-sharing platforms that are transparent and timely; (c) Uniquely insightful is leveraging blockchain technology to manage and securely track CAVs and their components enhances the automotive OEMs’ ability to maintain cyber-defensible CAV assets.

Suggested Citation

  • Abraham Onipe Okomanyi & Audra R. Sherwood & Ekundayo Shittu, 2024. "Exploring effective strategies against cyberattacks: the case of the automotive industry," Environment Systems and Decisions, Springer, vol. 44(4), pages 779-809, December.
    • Handle: RePEc:spr:envsyd:v:44:y:2024:i:4:d:10.1007_s10669-024-09971-0
    DOI: 10.1007/s10669-024-09971-0
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-024-09971-0
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10669-024-09971-0?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Aleksander Buczacki & Piotr Piątek, 2021. "Proposal for an Integrated Framework for Electronic Control Unit Design in the Automotive Industry," Energies, MDPI, vol. 14(13), pages 1-26, June.
    2. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    3. Narendra Sharma & Ebere A. Oriaku & Ngozi Oriaku, 2020. "Cost and Effects of Data Breaches, Precautions, and Disclosure Laws," International Journal of Emerging Trends in Social Sciences, Scientific Publishing Institute, vol. 8(1), pages 33-41.
    4. Nisha Rawindaran & Ambikesh Jayal & Edmond Prakash & Chaminda Hewage, 2021. "Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME)," Future Internet, MDPI, vol. 13(8), pages 1-36, July.
    5. Geoff Walsham, 2006. "Doing interpretive research," European Journal of Information Systems, Taylor & Francis Journals, vol. 15(3), pages 320-330, June.
    6. Alexander A. Ganin & Phuoc Quach & Mahesh Panwar & Zachary A. Collier & Jeffrey M. Keisler & Dayton Marchese & Igor Linkov, 2020. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management," Risk Analysis, John Wiley & Sons, vol. 40(1), pages 183-199, January.
    7. David Morris & Garikayi Madzudzo & Alexeis Garcia-Perez, 2018. "Cybersecurity and the auto industry: the growing challenges presented by connected cars," International Journal of Automotive Technology and Management, Inderscience Enterprises Ltd, vol. 18(2), pages 105-118.
    8. Ekundayo Shittu & Geoffrey Parker & Nancy Mock, 2018. "Improving communication resilience for effective disaster relief operations," Environment Systems and Decisions, Springer, vol. 38(3), pages 379-397, September.
    9. Boyson, Sandor & Corsi, Thomas M. & Paraskevas, John-Patrick, 2022. "Defending digital supply chains: Evidence from a decade-long research program," Technovation, Elsevier, vol. 118(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Fabio Antonialli & Bruna Habib Cavazza & Rodrigo Gandia & Isabelle Nicolaï & Arthur de Miranda Neto & Joel Sugano & André Luiz Zambalde, 2020. "Human or machine driving? Comparing autonomous with traditional vehicles value curves and motives to use a car," Post-Print halshs-03687616, HAL.
    2. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    3. Khan Burhan Khan & Noor Ismawati Jaafar & Shamshul Bahri Zakaria, 2024. "The role of collectivist cultural practices in supporting a hybrid payment system among small and medium enterprises (SMEs) in Pakistan," Future Business Journal, Springer, vol. 10(1), pages 1-18, December.
    4. Arvin Sahaym & Joseph Vithayathil & Suprateek Sarker & Saonee Sarker & Niels Bjørn-Andersen, 2023. "Value Destruction in Information Technology Ecosystems: A Mixed-Method Investigation with Interpretive Case Study and Analytical Modeling," Information Systems Research, INFORMS, vol. 34(2), pages 508-531, June.
    5. Schmidt, Adam & Albert, Laura A. & Zheng, Kaiyue, 2021. "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering and System Safety, Elsevier, vol. 205(C).
    6. Amitai Gilad & Asher Tishler, 2024. "Measuring and Mitigating the Risk of Advanced Cyberattackers," Decision Analysis, INFORMS, vol. 21(4), pages 215-234, December.
    7. Md Shihab Shakur & Maishat Lubaba & Binoy Debnath & A. B. M. Mainul Bari & M. Azizur Rahman, 2024. "Exploring the Challenges of Industry 4.0 Adoption in the FMCG Sector: Implications for Resilient Supply Chain in Emerging Economy," Logistics, MDPI, vol. 8(1), pages 1-28, March.
    8. Letiche, Hugo & De Loo, Ivo & Lowe, Alan & Yates, David, 2023. "Meeting the research(er) and the researched halfway," CRITICAL PERSPECTIVES ON ACCOUNTING, Elsevier, vol. 94(C).
    9. Monideepa Tarafdar & Guohou Shan & Jason Bennett Thatcher & Alok Gupta, 2022. "Intellectual Diversity in IS Research: Discipline-Based Conceptualization and an Illustration from Information Systems Research," Information Systems Research, INFORMS, vol. 33(4), pages 1490-1510, December.
    10. Riccardo Bonazzi & Heidi Gautschi & Gianluigi Viscusi, 2023. "Discussing blockchain applications in TED Talks: A fashion wave approach to understanding the blockchain phenomenon," PLOS ONE, Public Library of Science, vol. 18(7), pages 1-15, July.
    11. Alessandro Annarelli & Giulia Palombi, 2021. "Digitalization Capabilities for Sustainable Cyber Resilience: A Conceptual Framework," Sustainability, MDPI, vol. 13(23), pages 1-9, November.
    12. Wu, Xingli & Liao, Huchang, 2023. "A compensatory value function for modeling risk tolerance and criteria interactions in preference disaggregation," Omega, Elsevier, vol. 117(C).
    13. Howard Miller & Charla Griffy-Brown, 2021. "Evaluating risk for top-line growth and bottom-line protection: enterprise risk management optimization (ERMO)," Environment Systems and Decisions, Springer, vol. 41(3), pages 468-484, September.
    14. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    15. Supunmali Ahangama, 2023. "Relating Social Media Diffusion, Education Level and Cybersecurity Protection Mechanisms to E-Participation Initiatives: Insights from a Cross-Country Analysis," Information Systems Frontiers, Springer, vol. 25(5), pages 1695-1711, October.
    16. Anuradha Colombage & Darshana Sedera, 2025. "The Fallacies in Chain-of-Custody in Sustainable Supply Chain Management: A Case Study from the Apparel Manufacturing Industry," Sustainability, MDPI, vol. 17(5), pages 1-27, February.
    17. Emily Heaney & Laura Hunter & Angus Clulow & Devin Bowles & Sotiris Vardoulakis, 2021. "Efficacy of Communication Techniques and Health Outcomes of Bushfire Smoke Exposure: A Scoping Review," IJERPH, MDPI, vol. 18(20), pages 1-14, October.
    18. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    19. Padmali Rodrigo & Emmanuel Ogiemwonyi Arakpogun & Mai Chi Vu & Femi Olan & Elmira Djafarova, 2024. "Can you be Mindful? The Effectiveness of Mindfulness-Driven Interventions in Enhancing the Digital Resilience to Fake News on COVID-19," Information Systems Frontiers, Springer, vol. 26(2), pages 501-521, April.
    20. Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:envsyd:v:44:y:2024:i:4:d:10.1007_s10669-024-09971-0. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.