Cyber Security - 3rd Party Information Security


Cyber-crime Financial Losses

In 2014, the Wall Street Journal estimated that the cost of cyber-crime in the U.S. was approximately $100 billion.  In 2015, the British insurance company Lloyd’s estimated that cyber-attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business.

Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019.  The World Economic Forum (WEF) says a significant portion of cyber-crime goes undetected, particularly industrial espionage, where access to confidential documents and data is difficult to detect.

Large banks, retailers, and federal agencies make the headlines when they are hacked - but all businesses are at risk. According to Microsoft, 20% of small to mid-sized businesses have been cyber-crime targets. In 2016, over 2 billion personnel records were stolen globally, with over 100 million American medical records stolen.

Industry Problem

In recent years, many companies and organizations around the globe have become increasingly aware of cyber security data breaches, data theft, and intellectual property theft.  This has raised concerns about protecting information, particularly when sharing sensitive data with external business partners such as suppliers.

Protecting information should be a business imperative to maintain a viable and secure environment.  Original Equipment Manufacturers (OEMs) and their business partners must protect their customers’ information by maintaining the confidentiality of sensitive data and intellectual property, integrity of all data (public and private data), and availability of critical data to avoid business disruption.

Each OEM has developed security guidelines and requirements for their business partners to follow in order to accomplish these objectives.  However, these guidelines and requirements most likely differ between the OEMs in areas they cover and the level of detail provided.  Additionally, concerns about cyber security / information security continue to rise and must be addressed for all OEMs.

Project Proposal

Assemble a team of OEM Chief Information Security Officers (CISOs) and/or designates to collaborate with AIAG.  This team will develop a common set of minimal security guidelines or requirements consistent with each OEM to address cyber security / information security concerns.

These security guidelines or requirements will focus on the secure exchange and protection of information between the OEMs and their business partners.