IDEAS home Printed from https://ideas.repec.org/a/spr/envsyd/v44y2024i4d10.1007_s10669-024-09971-0.html
   My bibliography  Save this article

Exploring effective strategies against cyberattacks: the case of the automotive industry

Author

Listed:
  • Abraham Onipe Okomanyi

    (Enterprise Risk & Security, Cox Automotive, Inc.)

  • Audra R. Sherwood

    (Grand Canyon University)

  • Ekundayo Shittu

    (The George Washington University)

Abstract

Despite stringent regulatory scrutiny and increased cybersecurity spending, data breaches and cyberattacks have persisted, resulting in dire socioeconomic consequences. Particularly affected is the automotive industry, where original equipment manufacturers (OEMs) have implemented effective strategies against cyberattacks. Limiting the vulnerability of connected and autonomous vehicles to cyberattacks requires an expanded suite of strategies over and above technological safeguards. This study, guided by the National Institute of Standards and Technology cybersecurity framework, aimed to answer two questions: First, how do leaders of automotive OEMs describe and interpret the use of cybersecurity frameworks to prevent cyberattacks? Second, how does the perceived impact of potential cyberattacks influence the cybersecurity framework used by automotive OEM leaders? Using purposeful sampling, 20 automotive OEM leaders in the cybersecurity field responded to questionnaires and interviews to reveal three insights: (a) The automotive OEMs must reinforce bundled risk management frameworks because attackers will continue to exploit human vulnerabilities to gain access to secured systems, and this calls for reducing human vulnerabilities by understanding employee behaviors; (b) The leaders have to embrace open-threat intelligence through information sharing. Instructive for policy-making is the continued advocacy for threat intelligence-sharing platforms that are transparent and timely; (c) Uniquely insightful is leveraging blockchain technology to manage and securely track CAVs and their components enhances the automotive OEMs’ ability to maintain cyber-defensible CAV assets.

Suggested Citation

  • Abraham Onipe Okomanyi & Audra R. Sherwood & Ekundayo Shittu, 2024. "Exploring effective strategies against cyberattacks: the case of the automotive industry," Environment Systems and Decisions, Springer, vol. 44(4), pages 779-809, December.
    • Handle: RePEc:spr:envsyd:v:44:y:2024:i:4:d:10.1007_s10669-024-09971-0
    DOI: 10.1007/s10669-024-09971-0
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-024-09971-0
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10669-024-09971-0?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Aleksander Buczacki & Piotr Piątek, 2021. "Proposal for an Integrated Framework for Electronic Control Unit Design in the Automotive Industry," Energies, MDPI, vol. 14(13), pages 1-26, June.
    2. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    3. Alexander A. Ganin & Phuoc Quach & Mahesh Panwar & Zachary A. Collier & Jeffrey M. Keisler & Dayton Marchese & Igor Linkov, 2020. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management," Risk Analysis, John Wiley & Sons, vol. 40(1), pages 183-199, January.
    4. Narendra Sharma & Ebere A. Oriaku & Ngozi Oriaku, 2020. "Cost and Effects of Data Breaches, Precautions, and Disclosure Laws," International Journal of Emerging Trends in Social Sciences, Scientific Publishing Institute, vol. 8(1), pages 33-41.
    5. Nisha Rawindaran & Ambikesh Jayal & Edmond Prakash & Chaminda Hewage, 2021. "Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME)," Future Internet, MDPI, vol. 13(8), pages 1-36, July.
    6. Geoff Walsham, 2006. "Doing interpretive research," European Journal of Information Systems, Taylor & Francis Journals, vol. 15(3), pages 320-330, June.
    7. Ekundayo Shittu & Geoffrey Parker & Nancy Mock, 2018. "Improving communication resilience for effective disaster relief operations," Environment Systems and Decisions, Springer, vol. 38(3), pages 379-397, September.
    8. Boyson, Sandor & Corsi, Thomas M. & Paraskevas, John-Patrick, 2022. "Defending digital supply chains: Evidence from a decade-long research program," Technovation, Elsevier, vol. 118(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    2. Arvin Sahaym & Joseph Vithayathil & Suprateek Sarker & Saonee Sarker & Niels Bjørn-Andersen, 2023. "Value Destruction in Information Technology Ecosystems: A Mixed-Method Investigation with Interpretive Case Study and Analytical Modeling," Information Systems Research, INFORMS, vol. 34(2), pages 508-531, June.
    3. Schmidt, Adam & Albert, Laura A. & Zheng, Kaiyue, 2021. "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering and System Safety, Elsevier, vol. 205(C).
    4. Amitai Gilad & Asher Tishler, 2024. "Measuring and Mitigating the Risk of Advanced Cyberattackers," Decision Analysis, INFORMS, vol. 21(4), pages 215-234, December.
    5. Md Shihab Shakur & Maishat Lubaba & Binoy Debnath & A. B. M. Mainul Bari & M. Azizur Rahman, 2024. "Exploring the Challenges of Industry 4.0 Adoption in the FMCG Sector: Implications for Resilient Supply Chain in Emerging Economy," Logistics, MDPI, vol. 8(1), pages 1-28, March.
    6. Letiche, Hugo & De Loo, Ivo & Lowe, Alan & Yates, David, 2023. "Meeting the research(er) and the researched halfway," CRITICAL PERSPECTIVES ON ACCOUNTING, Elsevier, vol. 94(C).
    7. Monideepa Tarafdar & Guohou Shan & Jason Bennett Thatcher & Alok Gupta, 2022. "Intellectual Diversity in IS Research: Discipline-Based Conceptualization and an Illustration from Information Systems Research," Information Systems Research, INFORMS, vol. 33(4), pages 1490-1510, December.
    8. Alessandro Annarelli & Giulia Palombi, 2021. "Digitalization Capabilities for Sustainable Cyber Resilience: A Conceptual Framework," Sustainability, MDPI, vol. 13(23), pages 1-9, November.
    9. Wu, Xingli & Liao, Huchang, 2023. "A compensatory value function for modeling risk tolerance and criteria interactions in preference disaggregation," Omega, Elsevier, vol. 117(C).
    10. Howard Miller & Charla Griffy-Brown, 2021. "Evaluating risk for top-line growth and bottom-line protection: enterprise risk management optimization (ERMO)," Environment Systems and Decisions, Springer, vol. 41(3), pages 468-484, September.
    11. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    12. Supunmali Ahangama, 2023. "Relating Social Media Diffusion, Education Level and Cybersecurity Protection Mechanisms to E-Participation Initiatives: Insights from a Cross-Country Analysis," Information Systems Frontiers, Springer, vol. 25(5), pages 1695-1711, October.
    13. Emily Heaney & Laura Hunter & Angus Clulow & Devin Bowles & Sotiris Vardoulakis, 2021. "Efficacy of Communication Techniques and Health Outcomes of Bushfire Smoke Exposure: A Scoping Review," IJERPH, MDPI, vol. 18(20), pages 1-14, October.
    14. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    15. Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.
    16. Vicki Bier, 2020. "The Role of Decision Analysis in Risk Analysis: A Retrospective," Risk Analysis, John Wiley & Sons, vol. 40(S1), pages 2207-2217, November.
    17. Michael Weber & Martin Engert & Norman Schaffer & Jörg Weking & Helmut Krcmar, 2023. "Organizational Capabilities for AI Implementation—Coping with Inscrutability and Data Dependency in AI," Information Systems Frontiers, Springer, vol. 25(4), pages 1549-1569, August.
    18. Lexis Alexander Tetteh & Cletus Agyenim‐Boateng & Samuel Nana Yaw Simpson, 2024. "Institutional pressures and accountability processes in pursuit of sustainable development goals: Insights from Ghanaian indigenous oil companies," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 31(1), pages 89-107, January.
    19. Katarzyna Grzybowska & Patrycja Hoffa-Dabrowskas, 2022. "Digital Technology for Digital Supply Chain – Οverview," European Research Studies Journal, European Research Studies Journal, vol. 0(3), pages 582-594.
    20. Deping Xiong & Nada Khaddage-Soboh & Muhammad Umar & Adnan Safi & Diego Norena-Chavez, 2024. "Redefining entrepreneurship in the digital age: exploring the impact of technology and collaboration on ventures," International Entrepreneurship and Management Journal, Springer, vol. 20(4), pages 3255-3281, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:envsyd:v:44:y:2024:i:4:d:10.1007_s10669-024-09971-0. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.