76% of American SMEs are concerned about EV security

Despite 15% of SMEs in the US having leased or purchased EVs, many fear that EVs are susceptible to hacking, ransomware, and other forms of cyberattacks
8 March 2022

US Secretary of Transportation Pete Buttigieg speaks during an event to discuss investments in the U.S. electric vehicle charging network, outside Department of Transportation HQ in Washington, DC. (Photo by Drew Angerer / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

While electric vehicles (EV) are becoming increasingly popular among consumers around the world, enterprises and small, medium enterprises (SMEs) are also beginning to adopt the technology. In fact, more businesses are expanding and adopting EVs into their service fleets, particularly in the US.

According to a survey by Hartford Steam Boiler Inspection and Insurance Company (HSB), 15% of SMEs in the US have leased or purchased EVs for commercial use. For example, Amazon’s EV startup Rivian started delivery in several US cities last year. Amazon is already redesigning some delivery stations to service EVs. In 2020, Amazon delivered more than 20 million packages to customers in electric delivery vehicles across North America and Europe.

Despite this, the survey also revealed that 76% of SMEs are still concerned about the security of EVs. Many SMEs fear that EVs are susceptible to hacking, ransomware, and other forms of cyberattacks. For example, cybercriminals could target EV charging stations to launch cyberattacks on a company.

At the same time, 13% of business owners and managers said that at some point a computer virus, hacking incident, or other cyberattack had damaged or otherwise affected their commercial vehicles. Over half (56%) are somewhat or very concerned their vehicles could be immobilized or made inoperable, their safety compromised, and a hacker could communicate and confront them over their audio system.

“The technology is advancing swiftly and there is a growing need to focus on the cybersecurity of electric vehicles. With the rush to make the switch to electric cars and trucks, owners and the EV industry should step up their efforts to protect vehicles and charging infrastructure from cyberattacks,” said Timothy Zeilman, vice president for HSB, part of the Munich Re insurance group.

A recent example of an EV hack was experienced by Tesla. Several Tesla models were reported to be compromised earlier this year when a 19-year-old hacker was able to unlock doors and windows, start cars without keys and disable the vehicle’s entire security system remotely.

While the hacker did reach out to Tesla to point out the vulnerabilities, the reality is, he was able to attack the vehicles. And this is exactly why SMEs are concerned about relying purely on EVs for their business.

For Chris Clark, Automotive Software and Security Solutions Architect at Synopsys, the real concern for small businesses should be fuel costs, as the draw of reduced operational costs by using EVs is very compelling. On the flip side of this coin, Clark explained that businesses are also justly concerned about key components of their business being compromised as they implement more and more internet-connected resources, such as EVs.

Clark believes that many organizations will look to insurance coverage to protect themselves. With the “504 individuals surveyed saying that they were worried about their vehicles’ data, software or operating systems being damaged or destroyed by malware”, Clark felt the concern is real and companies like HSB are taking notice.

“While insurance provides financial protection, business owners are the front line of defense. Making informed decisions on which EV solution to purchase is the first priority, and it’s also imperative that these businesses keep up to date on software versions and service notices. Manufacturers are beginning to see that insurance and consumer ratings are making security an aspect in purchasing, especially for fleet vehicles,” commented Clark.

As Clark puts is it, ultimately, manufacturers must continue to address cybersecurity risk in the development of their hardware and software solutions to protect their brand.