• 07/03/2026
  • Report

Cybersecurity as a strategic competence for automotive suppliers

Die casting foundries are an important link in many automotive supply chains. They supply housings, chassis and drivetrain components, and increasingly also structural components, often in tightly timed series production processes. An IT security problem at just one point in the chain can bring machining, assembly, Tier 1 suppliers and, in extreme cases, OEM production to a standstill. This is why cybersecurity in high pressure die casting is a key issue – one that EUROGUSS 365 discussed with Professor Dr Stefan Bratzel, Founder and Director of the Center of Automotive Management (CAM).

Written by Editors EUROGUSS 365

Car assembly hall
An IT security issue in the supply chain can bring OEM production to a standstill.

“Automotive production is now a systemically relevant target for global cyber actors. Production downtime causes damage in the double-digit millions – per day,” explains Stefan Bratzel, keynote speaker at the most recent EUROGUSS Executive Circle 2025. The current study on cybersecurity in automotive production, prepared by CAM in cooperation with Cisco, shows how strongly the supply chain is coming into focus. According to VicOne data cited in the study, 56.9 percent of attacks in the automotive environment in 2024 were directed at suppliers.

 

The attack surface emerges in the process

The networking of modern foundries is intentional. Die casting machines, robots, dosing and spraying systems, temperature control units, X-ray inspection, ERP and remote maintenance are interconnected. Process data helps reduce scrap, digital inspection records provide evidence, and remote access shortens downtime. For OEMs, this transparency is attractive because it improves quality, traceability and planning reliability.

But the more closely systems, data and external access points are connected, the larger the attack surface becomes. Attacks are aimed specifically at the weakest link in the IT ecosystem of automotive production. A service provider access point, a poorly segmented network or an outdated controller can have consequences for production. Remote work is also highly relevant as a vulnerability: In a Techconsult survey commissioned by Diconium among 200 cybersecurity experts and IT decision-makers from the automotive industry, 19.5 percent named security in the cloud and in remote work as the greatest challenge.

 

More than encrypted systems

Ransomware and malware attacks are among the key threats. Systems are encrypted, production comes to a halt. But these are not the only possible scenarios: Die casting depends on stable parameters, reproducible processes and documented quality. If inspection records are unavailable, batches cannot be traced or process data is damaged, this creates problems for approvals and customer communication. Design data, tool data, process windows and simulation models are also sensitive. Companies that lose them lose their competitive edge.

For suppliers, the decisive question will be how they can demonstrate their cyber resilience. In the automotive world, information security has long been part of supplier relationships. The VDA ISA catalogue, the German Association of the Automotive Industry’s catalogue of requirements for information security, and TISAX, the related assessment and exchange procedure for assessment results, provide an established framework.

At the same time, current attack patterns show that formal evidence alone is not enough. What matters is whether a company knows its critical processes, controls access, prepares restart processes and understands cybersecurity as part of its ability to deliver.

 

What matters now

The CAM and Cisco whitepaper describes a model of four central competence areas for empirically assessing a company’s cybersecurity performance: Competencies, Cooperations, Culture & Organisation and Cyber Strategy. For die casting foundries, this provides a pragmatic path forward. They need to know which systems, controllers, interfaces and remote access points are critical to their ability to deliver. They need to clarify which partners have access. And they need to anchor cybersecurity organisationally – not only in IT, but also in production, quality, purchasing and management.

 

“Creating a significant security gain with manageable effort” 

Portrait of Stefan Bratzel
Stefan Bratzel, Founder and Director of the Center of Automotive Management 

Professor Bratzel, suppliers in the automotive environment are particularly frequently affected by cyberattacks. Why are they becoming such a strong focus?

Stefan Bratzel: Suppliers are now closely integrated into the digital value creation networks of the automotive industry and often have direct access to development, production or quality data. At the same time, they are often less well protected against cyberattacks than major OEMs, which makes them a preferred entry point for attacks on the entire supply chain.

Procedures and frameworks such as VDA ISA and TISAX are established in the automotive supply chain. Are such forms of evidence sufficient in light of the current study findings?

Stefan Bratzel: VDA ISA and TISAX create an important basis for information security, but on their own they are no longer sufficient. Cybersecurity must now be understood as a continuous management process that equally encompasses IT, OT, production and the supply chain, and that is aligned with the dynamic threat landscape.

The foundry industry is largely shaped by medium-sized companies and cannot scale cybersecurity without limits. Where should companies begin if they want to better protect themselves?

Stefan Bratzel: The first decisive step is to gain a systematic overview of one’s own risks and critical systems. Basic measures such as securing remote access, separating IT and production networks, regular employee training and a clearly defined emergency and restart plan are particularly effective. These measures can already create a significant security gain with manageable effort. 

Author

EUROGUSS 365
Editors EUROGUSS 365
euroguss365@nuernbergmesse.de