Cyber Initiative

Limited Time Only! Our Cyber Bundles are free for everyone — select your basic or advanced bundle below to get started!

FACT: You ARE being targeted

According to the latest statistics, 43% of cybersecurity attacks target small businesses – yet only 14% of smaller organizations rate their ability to defend against a cyberattack as highly effective. To make matters worse, 60% of small companies never recover, and go out of business within months of a cyber attack.

Sponsored and supported by AIAG’s Board of Directors, and developed in partnership with NQC SupplierAssurance, a global leader in cyberthreat detection, AIAG’s new Supply Safe™: Cyber Safe Bundles are comprised of a virtual audit – a one-time domain/IP scan – along with either a basic or advanced risk assessment.

For both AIAG members and non-members, these bundles are now completely free for a limited time! Additional scans can also be purchased at a cost from NQC to see how your improvements have affected your cybersecurity and ensure you are always up to date on the latest threats to your systems.

Whether your organization is taking its first steps to prioritize cybersecurity, renewing efforts to protect itself from cybercrime, or performing a health check on existing security measures, AIAG has the next-step resources you need.

Help keep your systems and the industry’s valuable data safe by taking advantage of these free member tools today!

Basic Bundle

Designed to support smaller to medium sized organizations with fewer or outsourced IT, this bundle includes:

  • Cyber Virtual Audit
  • Basic Cyber Risk Assessment
    • ~25 Question Survey
  • Additional free resources

Advanced Bundle

Intended for larger organizations with more robust IT resources dedicated to cybersecurity, this bundle includes:

  • Cyber Virtual Audit
  • Advanced Cyber Risk Assessment
    • ~70-85 Question Survey

Bundles Include:

+ Cyber Virtual Audit: A one-time domain/IP scan that allows you to run a comprehensive virtual audit on your organization’s internet facing systems. This non-intrusive remote audit searches for known vulnerabilities and misconfigurations using a database of more than 53,000 issues; vulnerabilities found during the analysis are then logged, and a report is created providing details on the specific vulnerabilities identified, as well as what actions can be taken to rectify the issues. This tool is currently available in English, Spanish, Mandarin, German, Korean, French, Portuguese and Hindi.

+ Cyber Risk Assessments: These assessments allow you to evaluate your organization’s existing information security capabilities and organizational controls in relation to industry best practices, as detailed in AIAG’s CS-1 document – the Cybersecurity 3rd Party Information Security guideline. Upon completion, you will receive an automated Corrective Action Plan which enables immediate action in addressing vulnerabilities and improving cyber capabilities. Both a basic and advanced level of assessment – currently in English, Spanish, Mandarin, German, Korean, French, Portuguese and Hindi – are available.

Basic Cyber Risk Assessment: With approximately 25 questions, this survey is designed to support smaller to medium sized organizations with fewer IT resources dedicated to cybersecurity, or outsourced IT support. The following areas are covered in this assessment:

  • Back-up
  • Malware
  • Smartphones/Tablets
  • Passwords
  • Phishing Avoidance
  • User Privileges
OR

Advanced Cyber Risk Assessment: With approximately 70-85 questions, this in-depth survey is intended for larger organizations with more robust IT resources dedicated to cybersecurity. The following areas are covered in this assessment:

  • Security Program, Processes, Awareness
  • Access Controls, Passwords, Data Encryption
  • Vulnerability Management, Anti-Virus
  • Security Incident Notification, Security Investigations
  • Security Audits of Suppliers/Third Parties
  • Information Lifecycle Management, Data Retention/Disposal

We encourage you to start your Cyber Risk Assessment as soon as possible to begin the critical process of identifying and addressing vulnerabilities in your system; please make sure to begin the assessment within 60 days of your purchase to take advantage of this tool!

What steps should I take to see if my systems are at risk?

Step 1: Start with your website 

All your customers have cybersecurity requirements in their terms and conditions. Make sure your organizations’ internet facing systems are protected by running a Cyber Virtual Audit. This non-intrusive remote audit identifies over 60,000 known vulnerabilities and system misconfigurations, and provides a report detailing any issues and potential actions to address those issues

Step 2: Assess your organization’s information security capabilities with enterprise risk assessment 

The enterprise Cyber Risk Assessments (basic and advanced) evaluates your organization's existing information security capabilities and organizational controls in relation to industry best practices, based on your organization’s internal capabilities. These assessments include Corrective Action Plans, allowing you to evaluate your organization’s existing information security capabilities and organizational controls in relation to industry best practices.

AIAG also offers a Basic Cyber Knowledge Self-Assessment for individuals. Based on industry defined cybersecurity requirements, it is uniquely designed to assess and educate your organization's employees and identify opportunities to further improve your foundational cybersecurity knowledge.

Step 3: Access resources to remedy any issues that were identified 

These resources include eLearning from US Federal Trade Commission, webinars from industry leading cybersecurity organizations, and industry best practices based on OEM and Tier 1 requirements and US government NIST standards. 

Step 4: Do monthly check-ups and additional internet facing systems to ensure your systems stay safe from ever changing Cyber attacks 

Cyber criminals' tactics are ever changing and evolving. Our cybersecurity partner, NQC, can customize an ongoing virtual audit plan for your company and situation to make sure you stay ahead. These resources are available directly from NQC for an additional fee to both members and non-members.

Publications - Order Today

This product contains a common set of minimal security guidelines, General Computing Controls, that apply to all 3rd Parties who create, collect, store, transmit, manage, process an OEM's data and information in an environment external to the OEM's.


ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).