Automotive & Mobility

Conducting Global Benchmarking of the Contractual Arrangements Between Automakers and Their Suppliers

Challenges

Starting in April 2024, the client set up a new cybersecurity risk management department at their headquarters.

As part of this initiative, the client seeks a global, comprehensive view of how cybersecurity is ensured through contractual agreements between original equipment manufacturers (OEMs) and their suppliers of relevant modules and parts, including software, in the automotive and other industries.

The client wants answers to a set of pre-defined questions.

Problem-Solving Approach

Choosing five focus industries based on a variety of criteria, including the number of cyberattacks and the magnitude of potential damage

Selecting different car manufacturers from the USA, Europe and Asia as objects of analysis

Refining and completing the catalog of questions along the following themes:

Gathering relevant data through desk research and expert surveys/interviews

Results

Generated an understanding of the interplay between various relevant contracts, such as general terms and conditions of purchase, specific terms and conditions of purchase for (open source) software, service level agreements (SLAs), and cybersecurity interface agreements (CIAs)

Typical division of responsibilities between OEMs and suppliers for various aspects of cybersecurity clarified

Study results documented, analyzed and discussed with client team