The User Experience of a Cyberattack

A Layered Approach to Cybersecurity

Cyber data breaches are on the rise. In 2019, the Identity Theft Resource Center reported a 17% increase in breaches over 2018. Despite the threat this poses, our desire for connectivity shows no signs of slowing down, and cars are no exception. By 2023, projections² show that 87% of new passenger cars will be connected – in one form or another. As the automotive industry sets out to prevent cybersecurity breaches from occurring at all, our UX team sought out to understand the general public’s perceptions of automotive cybersecurity, and ways it can inform the design of future cybersecurity prevention systems.

As a first step, our team conducted a nation-wide survey of randomly selected drivers to discover their awareness of automotive cybersecurity issues and see what informed their perceptions of cybersecurity. We found that most car owners are aware of cybersecurity risks, and furthermore, a majority expected their car to alert them about it. In the event of a hack while driving, close to 90% of our respondents indicated that they would want some type of cybersecurity incident alert system in their future connected car. 

Automotive Cybersecurity Perceptions Survey: Key Findings:

• Car owners are aware of cybersecurity risks. Less than 30% believe connected car features are protected.
• Top worries in a car hack: car & data theft, spying. Lowest worry: a hacker taking control of the car while driving.
• Most (75%) are not prepared to handle their car being hacked on their own.
• Autonomous cars are seen as more vulnerable to cybersecurity attacks compared to non-autonomous cars.
• Vehicles with more physical buttons are perceived as more “cybersecure.”

With that in mind, we conducted an in-vehicle experiment with a smaller set of participants. Here, we wanted to understand the reactions of a driver who suddenly experienced a cybersecurity incident. By disrupting a user’s tasks with a simulated cyberattack, we were able to determine their behavior, expectations, and reaction during a real attack. We then tested user preferences from among several different proposed UI design options for both alerts and failsafe options. 

UX Design for Automotive Cybersecurity: Key Findings

• Driver reaction to a hack: confusion & visual scanning. Drivers visually scanned the forward cabin in a circular manger to identify the “source” of the simulated hack. 
• A flashing visual icon on the cluster & audible alert are preferred as notification methods. Drivers also expect descriptive messages on the center display.
• Drivers are open to take the situation into their own hands with a connectivity “kill switch.” But, it depends on the severity of the hack.
• Cybersecurity incident alerts may not be treated equally by the driver. Hacks affecting safety systems are considered higher priority than infotainment incidents.
• After a cybersecurity incident, drivers expect a human incident response to offer comfort and advice. Drivers refer to familiar mental models from home security and financial sector security incidents.

Bottom line: When designing for cybersecurity, keep in mind that drivers expect a simple, easy-to-understand in-vehicle cybersecurity incident alert system with a clear call-to-action.

¹ Identity Theft Resource Center – 2019 Data breaches 

² Statista – Passenger Cars