Leon Bosch, head of automotive at Gallagher
According to the UK Government’s Centre for Connected and Autonomous Vehicles, the market for connected vehicles is predicted to be worth £28bn by 2038.
Connected vehicle technology is revolutionising fleet management, with the introduction of telematics software that monitors vehicle performance and usage, and drivers’ behaviour – meaning companies can easily gather measurable, actionable data that can help run a more efficient fleet, control operating expenses and improve driver safety.
Unfortunately, however, connected fleets of commercial vehicles are increasingly at risk from cyber criminals who can wreak havoc, with connected vehicle technology creating an attack surface through which attackers can access the vehicle’s Controller Area Network (CAN).
Once inside, cyber attackers may be able to send commands to the vehicle from a remote location in order to steal data, track individual vehicles or entire fleets, or take full control of a vehicle by attacking the GPS navigation system to direct vehicles to remote locations, where they could steal it or its contents.
The costs to fleet management companies of a potential cyber incident go beyond direct financial losses – and could extend to payments being made to criminals in ransomware attacks, or significant fines under GDPR regulations in the event of customers’ personal identifiable information being stolen or leaked.
In addition, if a company has its fleet disrupted by a cyber attack, it is likely to experience substantial downtime between the onset of an incident and its resolution, and the incident could also have a significant effect on consumer confidence and brand reputation.
A single unprotected vehicle can compromise the whole fleet—just like a single unprotected computer can infect a whole network.
As the automotive industry becomes more focused on incorporating technology into smart vehicles, it is vital that cyber security is top-of-mind for fleet management companies, and any potential vulnerabilities are identified, to ensure that drivers, vehicles and systems are safe from cyber attacks, and to minimise the risk of financial, operational and reputational harm.
Having an incident response plan is key in order for fleet management companies to plan for how to maintain security over the lifetime of their systems, how to respond to system malfunctions, and how to return systems to a safe and secure state, as well as understanding what the impact would be of a potential attack.
There also needs to be a programme in place to identify critical vulnerabilities and appropriate systems put in place to mitigate them, with periodic reviews being conducted to keep it updated.
To prevent cyber attackers from gaining access to the network through vulnerabilities in older and outdated systems, it is important for fleet management companies to ensure applications and operating systems, as well as antivirus software and firewalls, are up-to-date.
Businesses should make sure all software is patched to the highest available version – meaning that all updates have been completed, and that any security vulnerabilities have been addressed.
Many cyber attacks originate from human errors within an organisation.
Providing colleagues with security awareness training can help them to understand vulnerabilities and threats to fleet operations and also make them aware of their responsibilities and accountability when using the internet for transferring data.
Creating cyber security policies for employees, include guidelines on password strength, remote work and bring-your-own-device (BYOD) usage, can help to further establish a culture of cyber safety.
There are practical steps fleet management companies can take to help protect their vehicles against cyber attacks, but they are still leaving themselves exposed to financial and reputational damage if they don’t also have suitable insurance in place.
That’s where the role of a specialist insurance broker comes in who can help fleet businesses identify, mitigate and respond to the risk of financial loss, disruption or regulatory exposure, and arrange insurance against cyber attacks.
Alongside a comprehensive fleet insurance policy, it is recommended that fleet management companies consider cyber insurance as part of their overall risk protection strategy to ensure adequate cover.
A standalone cyber policy contains a range of support measures, including help with developing cyber risk management procedures, and access to response teams, legal advice and IT consultants in the event of an attack.
The cybersecurity landscape for fleet management companies is changing rapidly as new technologies are emerging.
Never has it been more important for fleet businesses to adopt a multi-layered approach to cyber security - including having comprehensive insurance in place, ensuring software is up-to-date, and implementing employee awareness training - which will stand them in good stead to cope with any potential attacks.