The Problem: Cybersecurity in Silos
Divisions Work Independently and That’s a Risk
Modern vehicles are the product of cross-divisional collaboration. Engineering teams design the software and electronic systems, production programs and inject cryptographic keys into ECUs during manufacturing, and backend services orchestrate cloud-based updates and data exchanges between vehicles and backend systems. Each division plays a vital role, yet they often operate with different priorities, tools, and terminologies.
This independence creates three major challenges. First, inconsistent terminology makes it difficult to communicate risks effectively. For example, vehicle engineering might talk about “threat scenarios” and “attack paths”, IT security about “risk scenarios” and “likelihood”, and production about “threat vectors” and “security levels”. Without a shared vocabulary, it is easy to misunderstand what exactly is at risk.
Second, incompatible risk assessment methods and tools make it hard to aggregate or compare risks across divisions. One division may rely on a qualitative Excel matrix, another on a quantitative tool aligned with ISO/IEC 27005, and a third on ISO/SAE 21434’s Threat Analysis and Risk Assessment (TARA) approach. Without mappings between these models, there is no shared view of which risks matter most across the vehicle, backend, and production.
Third, key assumptions and dependencies are often not documented or shared. Backend teams might, for example, assume that cloud providers or external partners meet certain security requirements, while vehicle engineering does not capture these dependencies in its analysis. Conversely, engineering has a detailed understanding of safety and privacy related damage scenarios for road users, but this knowledge is not always systematically shared with backend or production colleagues.
The consequences are serious. Without coordination, risks slip through the cracks. A vulnerability in the over-the-air (OTA) software update process, for instance, can emerge at the interface between divisions: if production does not correctly provision cryptographic keys, if backend services fail to protect signing keys or update servers, or if engineering does not robustly validate update packages in the vehicle, attackers may be able to inject malicious software and compromise vehicle systems, leading to safety incidents, recalls, and regulatory penalties.
Standards Provide Guidance but not Integration
Three key standards shape cybersecurity in the automotive industry: ISO/SAE 21434, the ISO/IEC 27000 family, and the IEC 62443 series. Each defines valuable requirements and processes, but none fully addresses how to coordinate and integrate cybersecurity risk management across divisions.
ISO/SAE 21434 focuses on vehicle cybersecurity engineering, providing a framework for secure software development, threat modelling, and risk management. However, it only briefly acknowledges the need to consider external dependencies, such as backend systems, without detailing how to coordinate with other divisions.
The ISO/IEC 27000 family is broader, providing an organization-wide framework for information security risk management. While it advocates enterprise-wide security management, its concepts and terminology differ from those in ISO/SAE 21434 and IEC 62443, so manufacturers need to define how to map and align these frameworks with their automotive engineering and production processes.
The IEC 62443 series targets industrial automation and control systems and defines security requirements and concepts such as zones, conduits, and security levels for manufacturing environments. It encourages alignment with broader IT security standards, but its OT-specific concepts and terminology do not map one-to-one to vehicle engineering or backend services, so organizations have to bridge these differences themselves.
Our review of these three standard families shows that they explicitly acknowledge that cybersecurity responsibilities are shared across domains.
ISO/SAE 21434 requires organizations to identify cybersecurity related disciplines such as IT security and production, set up communication channels with them, and document cybersecurity claims and assumptions whenever they rely on external systems or organizations.
The ISO/IEC 27000 family – in particular ISO/IEC 27005 – calls for harmonized risk acceptance criteria and standardized risk assessment scales across the organization so that risks from different domains can be compared and aggregated.
IEC 62443 in turn requires asset owners to align their industrial control system security program with the corporate Information Security Management System (ISMS) and to structure OT networks into zones and conduits with tightly controlled interfaces to business and backend systems.
However, none of these standards prescribes in detail how such cross-domain claims, shared risks, and interfaces should be operationalized between divisions in daily practice.
The result is a patchwork of standards that provide building blocks such as communication channels, aligned risk criteria, and process coordination, but stop short of prescribing concrete, cross-divisional processes. This leaves it to manufacturers to assemble these elements into a cohesive strategy. Without clear guidance on integration, companies are left to navigate the complexities on their own, often leading to inefficiencies and gaps in security.
Our Approach: Expert Insights Meet Standards Analysis
Why We Spoke to Industry Experts
To understand how automotive companies manage cross-divisional cybersecurity, we conducted semi-structured interviews with cybersecurity professionals from six different Original Equipment Manufacturers (OEMs). Our goal was to answer three key questions:
- What does cross-divisional cybersecurity look like today?
- What is needed to make it effective?
- What are the benefits and potential risks of integration?
We chose interviews because they allow us to go beyond theory and explore real-world practices. Standards tell us what should happen; experts tell us what actually happens.
The Reality of Fragmented Risk Management
Our findings revealed a mixed picture of cross-divisional risk management practices. Only four out of six OEMs reported having some form of cross-divisional strategy for managing cybersecurity risks. Even when strategies existed, they were often inconsistently applied, with each division using its own tools, methods, and risk assessment approaches.
Terminology was a major issue. While individual divisions maintained coherent internal vocabularies, these often differed significantly between divisions and management systems. Experts also noted that communication gaps were common, with assumptions regarding other divisions and risk information such as damage scenarios rarely being shared between divisions.
Tools and processes varied widely. Some divisions relied on Excel-based risk matrices, while others used specialized software. Their data models and risk scales were rarely compatible. Without centralized data handling or at least an agreed way of mapping between tools, it was difficult to share information or compare risks across divisions, and collaboration remained limited.
When asked directly, all interviewees rated the potential benefit of cross-divisional cybersecurity risk management for assessing multidivisional incidents and improving overall cybersecurity as high or very high. At the same time, they described integrating data from different tools and sources into a single platform as technically challenging, often requiring intermediate abstraction layers or mappings between risk models and scales. Furthermore, all interviewees also rated cross-divisional uniform terminology and normalization of risk data as important or very important, particularly for automated evaluations and audit reporting.
Regulatory and standard compliance added another layer of complexity. UN Regulation No. 155 was central to most companies’ cybersecurity efforts and was typically implemented together with standards such as ISO/SAE 21434 for vehicle engineering and the ISO/IEC 27000 family for IT contexts. At the same time, regional requirements – for example differences between UN R155, China’s GB 44495-2024, and U.S. guideline-based approaches – combined with partially overlapping standard ecosystems made it challenging to harmonize efforts across divisions.
What’s Needed for Effective Integration
Experts agreed that five key elements are essential for successful cross-divisional risk management:
- Top-management commitment is critical. Without executive support, initiatives to integrate cybersecurity efforts often stall due to competing priorities or resistance to change.
- Standardized tools and processes reduce friction. A central risk management platform or a shared framework spanning the Cyber Security Management System (CSMS), the Information Security Management System (ISMS), and the Industrial Automation and Control Systems (IACS) security program helps all divisions work from a consistent data model and governance scheme, while still allowing them to use different tools as long as their results are compatible and can be mapped into the shared platform. Defining a common risk matrix and impact scale across all divisions, onto which each division maps its existing assessments, makes risks from vehicle TARAs, IT risk assessments, and OT security analyses directly comparable and supports cross-divisional reporting.
- Role-based access control ensures that sensitive data is shared securely. By restricting access to authorized personnel, companies can prevent information leakage while still enabling necessary collaboration.
- Cross-functional specialists act as bridges between divisions. These individuals understand the unique challenges and priorities of engineering, production, and backend services, helping to translate requirements and facilitate communication.
- Training and awareness programs foster a shared cybersecurity and risk management culture. When all teams understand the importance of cross-divisional collaboration, they are more likely to embrace standardized processes and communicate effectively.
Experts also highlighted the strategic benefits of integration. A holistic risk overview allows companies to identify cross-divisional threats, such as supply chain attacks that could impact both production and backend systems. Faster incident response becomes possible when data is shared across teams, enabling quicker detection and mitigation. Also, regulatory and standard compliance becomes easier to manage when divisions coordinate how they fulfil applicable regulations and standards – such as UN R155 and corresponding regional regulations – reducing the risk of inconsistent interpretations, audit findings, or penalties.
However, challenges remain. Information leakage is a concern, requiring robust data protection measures and role-based access control so that sensitive risk data is only visible to authorized stakeholders. Bureaucracy can slow down processes, making it essential to streamline workflows. Resistance to change is another hurdle, which can be overcome through clear communication, training, and leadership support.
The Solution: Building a Unified Risk Management Framework
How Manufacturers Can Bridge the Divide
Based on our research, manufacturers can integrate risk management across divisions by focusing on four key actions:
- Standardizing, or at least explicitly mapping, terminology and risk criteria is the first step. Developing a shared glossary ensures that all divisions and teams use the same language to describe risks, threats, and vulnerabilities. Aligning or translating between risk classification systems helps teams prioritize threats consistently and avoid misunderstandings.
- Implementing shared tools and processes eliminates redundancy. A centralized risk management platform allows all divisions to document, track, and mitigate risks in one place. Automated support for threat modelling and vulnerability tracking can further enhance efficiency by reducing manual effort and making it easier to keep track of known issues across divisions. In practice, this does not require replacing every existing tool. A shared workspace that imports risk assessments from different divisions, links them to clearly defined Targets of Evaluation – such as an ECU platform, a backend service, or a production line – and offers role-specific views like “My Risks” or “My Compliance” can already provide the transparency and accountability that experts called for. Workflow automation can keep this shared view synchronized with existing Excel templates and ticketing systems, so that divisions do not need to abandon their current tools overnight.
- Establishing cross-divisional governance provides a structure. A cybersecurity steering committee, with representatives from engineering, production, and backend services, can oversee integration efforts and resolve conflicts. Assigning mediators or liaisons to facilitate communication helps break down silos and ensures that critical information flows reliably between divisions. Where divisions decide to share or retain risks based on assumptions about other domains, these “cybersecurity claims” and risk-sharing decisions should be documented transparently and tied to clearly assigned risk owners.
- Fostering a culture of collaboration is perhaps the most important step. Training programs that highlight the value of cross-divisional risk management encourage teams to embrace standardized processes. Regular audits and reviews assess compliance and identify areas for improvement, reinforcing the importance of ongoing collaboration.
Why This Approach Works
A cross-divisional framework supports a holistic cybersecurity risk management that UN R155 expects and that standards such as ISO/SAE 21434 describe for the vehicle domain. It also provides a place to reconcile different risk models – for example, by combining vehicle TARAs that focus on attack feasibility with likelihood-based ISMS assessments and OT-specific security levels – into a single, organization-wide view of cybersecurity risk. Furthermore, it improves efficiency by reducing redundant assessments and miscommunication, allowing teams to focus on high-impact threats.
Perhaps most importantly, this approach makes it easier for manufacturers to adapt their cybersecurity practices as technologies, architectures, and regulations evolve – for example when new connectivity features, cloud services, or supply chain dependencies introduce additional cross-divisional risks.
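As an added example, not code from the article or from Fraunhofer AISEC, the following Python sketch shows one way the common risk matrix called for under “What’s Needed for Effective Integration” and the reconciliation of TARA, ISMS and OT results described above could be implemented: three converters map a vehicle TARA record, an ISMS-style record and an OT zone record onto a shared 4x4 matrix, and a view function reports the highest normalised level per Target of Evaluation. Every scale, mapping table, and sample record is a constructed assumption for illustration, not a normative table from any of the standards.

```python
# Added example: normalise divisional risk records into one shared 4x4 matrix.
# All scales, mapping tables and sample records are constructed assumptions.
from collections import defaultdict
from dataclasses import dataclass

IMPACT = {"negligible": 1, "moderate": 2, "major": 3, "severe": 4}
FEASIBILITY = {"very low": 1, "low": 2, "medium": 3, "high": 4}
# Shared matrix indexed [impact-1][likelihood-1] -> risk level 1..5 (assumed values)
RISK_MATRIX = [[1, 1, 1, 1], [1, 2, 2, 3], [1, 2, 3, 4], [2, 3, 4, 5]]
# ISMS tools often rate on 1..5; compress to the shared 1..4 scale (assumed mapping)
FIVE_TO_FOUR = {1: 1, 2: 2, 3: 2, 4: 3, 5: 4}

@dataclass
class NormalizedRisk:
    division: str
    toe: str         # Target of Evaluation, e.g. "OTA update"
    title: str
    impact: int      # shared impact scale 1..4
    likelihood: int  # shared likelihood / attack feasibility scale 1..4

    @property
    def level(self) -> int:
        return RISK_MATRIX[self.impact - 1][self.likelihood - 1]

def from_tara(rec: dict) -> NormalizedRisk:
    # Vehicle TARA (ISO/SAE 21434 style): impact rating x attack feasibility rating
    return NormalizedRisk("vehicle", rec["toe"], rec["title"],
                          IMPACT[rec["impact"]], FEASIBILITY[rec["feasibility"]])

def from_isms(rec: dict) -> NormalizedRisk:
    # IT risk assessment (ISO/IEC 27005 style): impact 1..5 x likelihood 1..5
    return NormalizedRisk("backend", rec["toe"], rec["title"],
                          FIVE_TO_FOUR[rec["impact"]], FIVE_TO_FOUR[rec["likelihood"]])

def from_ot(rec: dict) -> NormalizedRisk:
    # OT zone (IEC 62443 style): the SL-T minus SL-A gap serves as a likelihood proxy (assumed)
    gap = max(0, rec["sl_target"] - rec["sl_achieved"])
    return NormalizedRisk("production", rec["toe"], rec["title"],
                          IMPACT[rec["impact"]], min(4, gap + 1))

def cross_divisional_view(risks: list) -> dict:
    # Highest normalised level per Target of Evaluation across all divisions
    view = defaultdict(int)
    for r in risks:
        view[r.toe] = max(view[r.toe], r.level)
    return dict(view)

# Constructed sample records for the article's OTA update scenario
SAMPLE = [
    from_tara({"toe": "OTA update", "title": "ECU accepts unsigned package",
               "impact": "severe", "feasibility": "medium"}),
    from_ot({"toe": "OTA update", "title": "Key injection station in office zone",
             "impact": "major", "sl_target": 3, "sl_achieved": 1}),
    from_isms({"toe": "Telemetry backend", "title": "Unpatched ingest service",
               "impact": 3, "likelihood": 4}),
]
```

Running `cross_divisional_view(SAMPLE)` shows the OTA update process at the highest level found in any division, which is the single organization-wide view the article argues for.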
The Road Ahead for Automotive Cross-Divisional Cybersecurity Risk Management
Moving forward, research needs to focus on creating practical, all-in-one strategies that bring together the cross-divisional requirements and concepts from ISO/SAE 21434, the ISO/IEC 27000 family, and the IEC 62443 series, but also factor in how companies are structured and the human and cultural side of things.
Another important area to dig into is how strong leadership backing and clear, structured governance can help companies not just adopt but stick with solid cross-divisional cybersecurity practices. The goal is to enable manufacturers to maintain a consistent, organization-wide view of cybersecurity risk across vehicle engineering, backend services, and production – even as threats, technologies, and regulatory expectations change.
At Fraunhofer AISEC, we are continuing to refine cross-divisional methods, shared tooling concepts, and mappings between different risk models together with automotive manufacturers and partners. We will share further insights from this work in future publications.
From Insight to Action
For IT professionals and engineers, the first step is to audit your current risk management processes. Where are the gaps between divisions? Are there unaddressed dependencies or communication breakdowns? Advocate for shared tools and terminology to streamline collaboration. A practical starting point is to pick one cross-divisional use case – such as OTA updates, remote diagnostics, or charging infrastructure integration – and map all involved systems, existing risk assessments, and assumptions across divisions. Document not only technical threats and vulnerabilities, but also the underlying assumptions and damage scenarios from your division’s perspective and make these explicit when you hand over risk information so that backend, production, and vehicle engineering teams can see how their risks are connected.
For managers and executives, cybersecurity must be a strategic priority. Invest in cross-functional training and governance structures that support integration. Consider sponsoring a small cross-divisional pilot: set up a shared risk workspace for one product line or end-to-end process, assign clear Risk Owners and Process Owners across engineering, IT, and production, and track a few KPIs, for example the number of duplicated risks removed, the consistency of risk ratings across divisions, or the time it takes to assess multi-division incidents. Recognize that cybersecurity, especially when coordinated across divisions, is not just a compliance requirement: it is a competitive advantage that protects your brand, customers, and bottom line.
References
This blog article is based on the scientific paper »Cross-Divisional Cybersecurity Risk Management in Automotive: Requirements and Current Practices«. Detailed references can be found in the paper.
Author
Patrick Wagner
Patrick Wagner completed his Master’s degree in Computer Science with a focus on IT security and reliability at the University of Passau, gaining industry experience and completing his thesis work with the Krones Group and Siemens. Since 2019, he has been working as a scientist in the Product Protection and Industrial Security department at Fraunhofer AISEC, where his work centers on automotive cybersecurity at the intersection of research and industry, with a particular focus on cross-divisional cybersecurity risk management. He served as Fraunhofer AISEC project lead for security in the BMWE-funded ATLAS-L4 research project and has conducted numerous cybersecurity risk assessments for automotive OEMs.
Contact: patrick.wagner@aisec.fraunhofer.de