One of the ever evasive pitfalls of increasing amounts of e-commerce and data being available and accessible on the Internet is the risk of a data breach. Though we typically think of data breaches in our own personal terms, like individual financial records, email accounts, and card accounts, data security is also a big worry for companies of all sizes.
Although the average data breach costs the most in the United States (EUR 6.85 million), even countries like France and Germany, who have recently enacted tighter data controls, are not immune, with both reporting average data breach costs in excess of EUR 3.5 million. Furthermore, one of the largest targets for a data breach isn’t an industry that receives a lot of data security attention, such as healthcare or financial services, it is manufacturing.
Considering that the German automotive industry directly employs nearly 820,000 people, exports over 4 million cars, and generated over EUR 426 billion in sales last year, data security is of the utmost importance.
To increase and assure security among companies that operated in the automotive industry, the German Association of the Automotive Industry (VDA), implementing essential features of their internal Information Security Assessment (ISA) in accordance with the international ISO/IEC 27001 standard, has created TISAX, the Trusted Information Security Assessment Exchange.
Simply put, TISAX provides data security standardisation in the automotive industry. Considering that a substantial amount of product development, testing, and manufacturing data is shared among different manufacturers/suppliers, the usage of differing levels of IT security as well as differing security verification in the past created multiple potential targets for a data breach.
By creating a system that recognises a sole body for accreditation criteria and assessment requirements, TISAX puts manufacturers/suppliers on the same data security page by requiring that they adhere to the same level of security and submit to an external audit to confirm it.
While no data security system is perfect, TISAX, by employing a common set of standards, is simply seeking to reduce the overall risk of a data breach in an industry where it could potentially have a domino effect.
According to numbers released by VDA in late 2017, the global automotive industry accepts it is a worthwhile undertaking, with over 600 companies encompassing 1,000 facilities in 32 countries having already registered, and more than 100 audits have already been carried out.
