Five cybersecurity trends you need to know about

We reveal how connected car security is driving change across the sector, and what you need to know if you want to stay ahead of one of the biggest trends in the automotive sector.

01_Consumer concerns

In a recent survey of 2,000 UK motorists by Digidentity, a digital identity platform owned by Solera, 79% backed more stringent regulation of car data access. A further 64% reported feeling a lack of control over how their vehicle’s data is protected, with the figure higher still among EV owners.

Noting that two-thirds of new cars sold in the UK are now connected, Digidentity’s Chief Technology Officer, Marcel Wendt, said: “Modern vehicles are rapidly becoming mobile data hubs, storing everything from location and driving habits to personal preferences. Our survey shows that drivers are concerned about how their data is managed and they expect garages to be more transparent about their data security measures. This is an opportunity for the automotive industry to build trust with customers by prioritising data protection alongside traditional factors such as price and service quality.”

Handily, Digidentity is the approved Trust Centre for the SERMI (Security-Related Vehicle Repair and Maintenance Information) Association.

02_Security clearance

Initially launched to standardise access to security-related data for programming keys and unlocking immobilisers, Stuart James of the Independent Garage Association describes SERMI as “invaluable to the automotive sector”.

Importantly, it is now mandated by EU Delegated Regulation 2021/1244 in Europe and includes the requirement for independent operators and their employees to be “approved and authorised” to use it.

In 2023, a new framework was agreed by the European Automobile Manufacturers’ Association (ACEA) and an number of independent sector organisations including the European Council for Motor Trades and Repairs (CECRA) and the European Federation of Automotive Aftermarket Distributors (FIGIEFA).

The UK is aligned on a voluntary basis and the scheme will be delivered here by RMI Standards and Certification (RMISC) on a not-for-profit basis. With the requirement of £1m public liability insurance, a SERMI certificate will be valid for five years and is audited by RMISC site inspections.

03_Remote access

Remote diagnostics providers, including those using the Jifeline network, are already incorporating the new SERMI requirements into their processes. One such company, the Wirral-based Core Diagnostics, has recently had its Core Academy approved as an IMI Training Centre. As well as offering the Hybrid and Electric Vehicle Combined Course Level 2 & 3 and AOM230 for ADAS calibration qualifications, it has worked closely with the IMI to create bespoke remote technician accreditation.

“Training is an ongoing issue for everybody in the aftermarket,” says Neil Hilton, Technical Sales Director at Core. “We have developed our own remote diagnostic technician course, which is accredited by the IMI. We are currently the only company in the UK to have this course accredited. The course offers the NVQ Level 3 Digital Support Technician qualification, with carefully selected e-learning and an endpoint assessment delivered in partnership with Wirral Metropolitan College.

Our technicians aren’t going to be taking out a gearbox or changing a clutch, so we strip all that out and focus on high-level electronic systems, which is exactly what the market needs.”

04_Gen Z skills

While the ‘digital native’ concept has been criticised for assuming digital literacy, Hilton states that the company are increasingly turning to Generation Z for digital skills.

“The profile of our team often surprises people,” he says. “They expect a lot of Master Techs in their mid-40s, which was our initial direction. The problem was that they usually came from a particular dealer – fantastic on one brand but it took a lot of training to get them up to speed on everything else.

“When our MD, Mark Fleming, started taking his teenage son out on ADAS and programming jobs, he noticed how incredibly quickly he picked everything up. Now we employ a lot more young people, sometimes just out of school. They are generally very sharp, eager to learn and have been brought up in a digital environment, so have no fear of these systems. They also tend not to have preconceptions and carry no baggage from years in the trade.”

05_No bypass

As well as skilled authorised users, another vital element in robust cybersecurity is great systems and data protections. “We use OE equipment so don’t experience any issues,” says Hilton. “It concerns me when people talk about bypassing security. There should be no bypass. If there is, you have to question the legality of any work after this point.

“On-demand remote diagnostic support is our primary focus, which makes an enormous difference. We continually operate at 50% capacity, which enables us to deliver a maximum response time of 30 seconds. Some providers have to physically plug a main dealer tool into a local unit, but we have all the OE equipment already connected in the server room. Each technician has a keypad with the different brands ready to go, which streamlines the process.

“We have backup systems, both on-site and in the cloud, so even if one system goes down we can be back up and running very quickly.”

This is an edited extract from IMI's new MotorPro magazine, received free as part of IMI membership.