Deloitte Insights delivers proprietary research designed to help organizations turn their aspirations into action.

DELOITTE INSIGHTS

  • Home
  • Spotlight
    • Weekly Global Economic Outlook
    • Top 10 Reading Guide
    • Celebrating Earth Month
    • Artificial Intelligence
    • Resilience
  • Topics
    • Strategy
    • Economy & Society
    • Operations
    • Workforce
    • Technology
  • Industries
    • Consumer
    • Energy, Resources, & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Technology, Media, & Telecom
  • More from Deloitte Insights
    • About
    • Deloitte Insights Magazine
    • Press Room Podcasts
Deloitte.com
Deloitte Insights logo
  • SPOTLIGHT
    • Weekly Global Economic Outlook
    • Top 10 Reading Guide
    • Celebrating Earth Month
    • Resilience
    • Artificial Intelligence
  • TOPICS
    • Strategy
    • Economy & Society
    • Operations
    • Workforce
    • Technology
  • INDUSTRIES
    • Consumer
    • Energy, Resources, & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Technology, Media,& Telecom
  • MORE FROM DELOITTE INSIGHTS
    • About
    • Deloitte Insights Magazine
    • Press Room Podcasts
  • Welcome!

    For personalized content and settings, go to your My Deloitte Dashboard

    Latest Insights

    Creating opportunity at the intersection of climate disruption and regulatory change

    Article
     • 
    7-min read

    Better questions about generative AI

    Article
     • 
    2-min read

    Recommendations

    Tech Trends 2025

    Article

    TMT Predictions 2025

    Article

    About Deloitte Insights

    About Deloitte Insights

    Deloitte Insights Magazine, issue 33

    Magazine

    Topics for you

    • Business Strategy & Growth
    • Leadership
    • Operations
    • Marketing & Sales
    • Diversity, Equity, & Inclusion
    • Emerging Technologies
    • Economy

    Watch & Listen

    Dbriefs

    Stay informed on the issues impacting your business with Deloitte's live webcast series. Gain valuable insights and practical knowledge from our specialists while earning CPE credits.

    Deloitte Insights Podcasts

    Join host Tanya Ott as she interviews influential voices discussing the business trends and challenges that matter most to your business today. 

    Subscribe

    Deloitte Insights Newsletters

    Looking to stay on top of the latest news and trends? With MyDeloitte you'll never miss out on the information you need to lead. Simply link your email or social profile and select the newsletters and alerts that matter most to you.

Welcome back

To join via SSO please click on the key button below
Still not a member? Join My Deloitte

Cyber everywhere: Preparing for automotive safety in the face of cyber threats

by Steve Schmith, Ryan Robinson
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
7 minute read 16 October 2019

Cyber everywhere: Preparing for automotive safety in the face of cyber threats An executive interview with GM’s Jeff Massimilla

7 minute read 16 October 2019
  • Steve Schmith United States
  • Ryan Robinson Canada
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email

The success of the interconnected automotive ecosystem may hinge on cybersecurity. GM’s Jeff Massimilla speaks about what the company is doing to protect its operations, vehicles, and consumers from cyber threats, and how the industry is moving forward in its pursuit of cyber safety.

In today’s connected world, cyber is everywhere. This is particularly true in the automotive sector, where advanced, connected technologies are producing unprecedented disruption in almost every aspect of the automotive ecosystem, including manufacturing and supply chain, consumer engagement, connected and autonomous vehicles, dealer interactions, financing and, of course, enterprise operations.

With disruption often comes wide-ranging cyber risks for the automotive ecosystem. Cyberattacks can breach data, privacy, and safety; disrupt operations and compromise coveted intellectual property; cause financial losses; and dilute consumer trust in a brand. These are daunting challenges—but they also open up interesting opportunities. To gain insight on how automakers are approaching “cyber everywhere,” we sat down with General Motors’ (GM) vice president of global cybersecurity, Jeff Massimilla, to understand what GM is doing from an enterprise and product perspective to mitigate cyber risk.

Learn more

Explore the cyber risk collection

Download the Deloitte Insights and Dow Jones app

DELOITTE: How would you describe “cyber everywhere” in the automotive industry and how has it evolved over the past five years?

JEFF MASSIMILLA: The very concept of “cyber everywhere” has evolved greatly over the past five years. Earlier, it focused just on information technology systems, with the aim to prevent the loss of intellectual property. Even then, GM had a somewhat broader definition than other companies because of OnStar.1 Today, however, cyber everywhere is truly an end-to-end connected ecosystem, from the back office through the telecom carriers and down to the platform itself, enabling automated driving and convenience features, mobile hotspots, and so on. GM still has an information security function, but it has evolved to be highly focused on data privacy. Focus has also moved to the manufacturing environment, the most recent evolution of cyber everywhere across most industries. Insulating manufacturing from disruption, while protecting employees and product integrity, is all very important now. As a result, our cybersecurity organization is involved in every aspect of GM’s business.

“Understanding the different solutions and sharing knowledge across the industry are critical to address the rapidly evolving cyber threat landscape.”

DELOITTE: How can automotive companies promote external collaboration to address cyber risks?

JM: Collaborations, whether within or outside of the automotive industry, are extremely important to understanding different solutions, and sharing this knowledge is critical in addressing the rapidly evolving cyber threat landscape. We collaborate with several industries including medical devices, aerospace and defense, and consumer electronics. The point of these relationships is to exchange knowledge and expertise around the key challenges in connected ecosystems. In the automotive industry, we have two very specific collaboration initiatives. The first is the US Auto Information Sharing and Analysis Center (Auto-ISAC), which allows us to collaborate within a competitive industry. It encourages meaningful interactions among automotive companies with varying levels of cyber maturity. It provides a safe, trusted environment for participants to create best practices for the entire industry. The second critical piece is related to supply chain security—we work closely with our partner suppliers to ensure the integrity, security, and quality of our products. Collaboration presents some challenges too, with the main one being forming a collaboration mentality across the ecosystem, so that everyone is working together to mitigate the risks of cyber incursion.

DELOITTE: How do you navigate the threat of cyber risk to your business operations and products when you work with partners that might be operating in less mature cyber environments?

JM: Over the past few years, awareness of cybersecurity, as it applies to safety and privacy in the automotive industry, has skyrocketed. Regulation is not far behind either—the California Consumer Privacy Act, Europe’s General Data Protection Regulation, various privacy regulations in South America, and regulatory activities on this front in China. The importance of having a strong cyber posture across these global markets cannot be overstated. Closer to home, at GM, cyber is a key priority and I’m impressed with, and appreciative of, GM’s leadership in establishing maturity around cyber. GM’s strong focus on cyber emanates from the CEO and her senior leadership team. We also have a cybersecurity committee within our board of directors. I truly believe that is the foundation for driving maturity in this space. Additionally, we try to share everything we can to bring the entire industry up, rather than compete on cyber. After all, cyber has to be done correctly, so that there is no risk to our customers or products.

“We try to share everything we can to bring the entire industry up, rather than compete on cyber.”

DELOITTE: What sets GM apart in terms of its approach to cyber everywhere?

JM: There are varying levels of maturity among companies operating both within and outside the automotive space. Certainly, several organizations take it very seriously. There are also companies in the middle and some that have not prioritized cyber as an operational imperative. Large companies like us, that have the ability to attract the best cyber talent, have a responsibility to provide expertise, best practices, and tangible solutions to help smaller companies that struggle to get the right talent.

DELOITTE: Overall, how would you rank the industry’s preparedness for the challenges of cyber today and how well do you think the industry is prepared for cyberattacks?

JM: The Auto-ISAC is foundational to the cyber preparedness of the auto industry and establishing trust among competing organizations. For example, if a major cyberattack puts customer safety at risk, we would tap into the Auto-ISAC structure to share updates and discuss mitigation strategies in real time because customer safety is most important in our industry. In addition, the Auto-ISAC is uniquely positioned to facilitate proactive incident-response exercises. We do this within our company all the time, but to do it as an industry—interacting with other stakeholders in the event of a cyber incident—is another level of preparedness.

DELOITTE: How is GM bringing consumers along in this cyber journey?

JM: We recognize that the increasing level of autonomy in vehicles can make cybersecurity a fundamental concern for our consumers. Yet in our experience, consumers don’t necessarily equate increasing vehicle connectivity with cybersecurity risk. Further, although data privacy is a concern, consumers may relate that more to the data and devices they bring into the vehicle. All that being said, we believe that overall consumer behavior and good cyber hygiene are a critical part of our ability to keep our consumers safe. For example, bringing a compromised smartphone into the vehicle could be problematic from a cybersecurity perspective. Therefore, we develop our products assuming that brought-in devices are already compromised and that consumers may be doing things in the vehicle that they should not be doing. As such, we develop our defensive posture with the central pillars of privacy and safety in mind.

Read our interview with GM’s Mandi Damman, chief engineer of the autonomous vehicle program, to learn about how GM is bringing consumers along to build trust in self-driving and other advanced automotive technologies.

DELOITTE: What should car companies be prioritizing and what do you think are the most important things that need to happen to be successful in an evolving cyber ecosystem?

JM: Cyber is a rapidly evolving landscape and we certainly don’t have all the answers, but we’re focused and learning every day. First, cyber has to be a board-level priority, a CEO priority, and a priority within each function of the business because our industry is so interconnected. So, a top-down mandate will set the wheels rolling. Second, filling the massive talent gap in the industry is imperative for long-term success. The automotive industry and GM are competing with some of the most high-tech companies out there, including those in Silicon Valley. Overcoming the talent shortage by working with universities, government agencies, and other stakeholders is something the industry needs to do to be successful in the long run. Finally, it is incumbent upon larger companies to be proactive in helping the industry, so companies that do not have a similar ability to do everything on their own can have access to the knowledge and solutions that make the entire system stronger.

Cyber is a national security challenge and it is important to focus on it from an overall perspective. After all, you are only as strong as the weakest link in your ecosystem.

DELOITTE: How can companies achieve and accelerate top-down support from the board and senior executives?

JM: Company leaders have to show openness toward cybersecurity and an appetite for risk management. Their mutual willingness to do so is equally important. I think it also starts with the relationships being built among companies at the board, CEO, or cyber leader level. If those relationships exist, cross-pollination of ideas can occur. At GM, we are very interested in the whole industry moving forward together.

DELOITTE: Finally, do you have any thoughts on the key messages required to articulate the business case for top-down support?

JM: In today's digitally connected world, cybersecurity must be one of the top risks for any technology-dependent and forward-thinking company. The ramifications of a single cyber event could be catastrophic. So, recognizing the cyber risk and deploying the right mindset and resources are paramount. It's almost like having a permanent, post-breach mentality.

Stay tuned for our interview with Kevin Tierney, GM’s chief product cybersecurity officer, as we delve deeper into what the company is doing to protect its vehicles, consumers, and others from cyber threats.

Mr. Massimilla’s participation in this article is solely for educational purposes based on his knowledge of the subject, and the views expressed by him are solely his own.

Editor’s note: GM recently announced that Jeff Massimilla has been appointed to lead General Motors' Global Connected Ecosystem Integration group.

Acknowledgments

Cover image by: Daniel Hertzberg

Endnotes
    1. GM’s subscription-based communications, in-vehicle security, emergency services, hands-free calling, turn-by-turn navigation, and remote diagnostics systems. View in article

Show moreShow less

Topics in this article

Risk management , Automotive , Consumer Industry Center , Technology Industry , Center for Technology, Media & Telecommunications

​Cyber

With human insight, technological innovation, and enterprisewide cyber solutions, Deloitte Cyber will work alongside you to help you find answers and solve for the complexity of each challenge, from the boardroom to the factory floor.

Learn more
Get in touch
Contact
  • ​Tom McGinnis
  • Partner, Risk and Financial Advisory
  • Deloitte & Touche LLP
  • tmcginnis@deloitte.com
  • +1 313 396 3309

Download Subscribe

Related content

img Trending

Interactive 3 days ago

Explore more on cyber risk

  • Cyber, cyber everywhere Article5 years ago
  • Managing risk across the extended enterprise Article6 years ago
  • AI-augmented cybersecurity Article7 years ago
  • An interview with GM's Mandi Damman Article6 years ago
  • What consumers think about advanced vehicle technologies Interactive
  • Picturing how advanced technologies are reshaping mobility Article6 years ago
Steve Schmith

Steve Schmith

Steve Schmith leads marketing for Deloitte’s Automotive practice globally and in the United States. He works with practice leaders and a team of marketers around the world to shape and activate marketing campaigns that drive the business and build Deloitte’s brand with automotive stakeholders worldwide. He is also responsible for leading the practice’s relationships with automotive trade groups, associations, and media groups across the United States.

  • sschmith@deloitte.com
Ryan Robinson

Ryan Robinson

Automotive Research Leader

Ryan is the research leader supporting the global Automotive sector for Deloitte's Consumer Industry Center at Deloitte LLP. His primary focus is creating engaging, actionable insights to deepen the conversation around key trends and issues occurring across the global automotive sector landscape. For the past two decades, Ryan has supported companies throughout the automotive value chain, from manufacturers and parts suppliers to private equity firms and after-market service providers. He has been a frequent speaker at industry conferences and has been quoted as a subject-matter expert in major media outlets around the world. Robinson holds degrees in philosophy, classical archaeology, and English literature from Concordia University in Montreal, Canada.

  • ryanrobinson@deloitte.ca
  • +1 647 502 9566

Share article highlights

See something interesting? Simply select text and choose how to share it:

Email a customized link that shows your highlighted text.
Copy a customized link that shows your highlighted text.
Copy your highlighted text.

Cyber everywhere: Preparing for automotive safety in the face of cyber threats has been saved

Cyber everywhere: Preparing for automotive safety in the face of cyber threats has been removed

An Article Titled Cyber everywhere: Preparing for automotive safety in the face of cyber threats already exists in Saved items

Invalid special characters found 
Forgot password

To stay logged in, change your functional cookie settings.

OR

Social login not available on Microsoft Edge browser at this time.

Connect Accounts

Connect your social accounts

This is the first time you have logged in with a social network.

You have previously logged in with a different account. To link your accounts, please re-authenticate.

Log in with an existing social network:

To connect with your existing account, please enter your password:

OR

Log in with an existing site account:

To connect with your existing account, please enter your password:

Forgot password

Subscribe

to receive more business insights, analysis, and perspectives from Deloitte Insights
✓ Link copied to clipboard

Deloitte Insights delivers proprietary research designed to help organizations turn their aspirations into action.

Deloitte Insights

  • Home
  • Topics
  • Industries
  • About Deloitte Insights

Spotlight

  • Weekly Global Economic Outlook
  • Top 10 Reading Guide
  • Celebrating Earth Month
  • Artificial Intelligence
  • Resilience
Deloitte logo

Learn about Deloitte’s offerings, people, and culture as a global provider of audit, assurance, consulting, financial advisory, risk advisory, tax, and related services.

  • Terms of Use
  • Privacy
  • Privacy Shield
  • Cookies
  • Legal Information for Job Seekers
  • Labor Condition Applications
  • Do Not Sell My Personal Information