Insights
Unlocking AI Revenue Drivers for Automakers: Data Security and Consumer Trust
|
Insight Article
|
• |
June 23, 2025
|
June 23, 2025
|
Unlocking AI Revenue Drivers for Automakers: Data Security and Consumer Trust |
Executive Summary:
McKinsey estimates that new services (in-car apps for infotainment) create a $250-400 bn opportunity in the future, ~10% of annual global auto manufacturing industry revenue. However, AI revenue potential for automakers depends on (1) the set-up of consumer channel ecosystem, (2) consumer preferences and perhaps most importantly and (3) automakers ability to demonstrate sufficient data security practices to gain consumer trust.
To capture that revenue upside, OEMs would have to displace tech giants which already own the ecosystem of consumer interface. For example, if a consumer is using certain maps application on their phone, PC and tablet, then a car is just another “platform” where consumers want to use the same application. Under such model, tech consumer-facing companies have a lot of power against OEMs to buy/rent the “platform” space. Major tech companies were quick to realise that and now offer all-in-one connectivity solution for consumer devices within vehicles (e.g., Apple CarPlay, Android Auto).
One niche that OEMs can still capture are car-specific features that are, by their nature, not provided by other devices. If a smart vehicle allows payments for parking, WiFi hotspots or is able to direct the car to the best parking option, consumers might be willing to pay for these features (McKinsey). Additionally, OEMs could capitalise on selling collected data to insurance companies or city authorities for planning purposes, but this comes with additional challenges of data privacy and security.
Whilst we expect automobile companies to remain hardware producers first and foremost, the appeal of capturing revenue associated with AI-enabled data gathering and processing is expected to drive increased data collection. OEM's ability to gather this information will be supported by the introduction of direct-to-consumer sales (currently in progress and mostly online) and creation of “Software-Defined Vehicles” (SDVs, earliest releases in 2026). This information may ultimately be used internally to improve customer experience or to be sold to third parties, though unlocking material revenue growth through AI will likely require crossing wide competitive moats established by tech companies.
As automotive companies do explore AI revenue drivers, they must build confidence among consumers that data is stored and handled securely. OEMs are not tech companies, nor do they have extensive experience with handling personal digital data. In fact, recent study by non-profit Mozilla Foundation concluded that all 25 car brands under review failed to meet consumer privacy tests1 and tended to over-collect data. Major ransomware attacks have already impacted OEMs (Toyota 2021; Kia 2021; Honda 2020) and many firms still need well-defined internal policies and associated incident response plans to address crises. The integration of AI will place more compliance burden on OEMs as well, as seen with the EU AI Act.
OEMs seeking to manage this issue effectively must maintain effective top-down oversight (establishment of Board-level oversight/chief information security officer or equivalent). Cybersecurity risk programs should be managed according to recognized third party standards and utilize independent external security audits. One risk that will be difficult for firms to manage individually is a lack of suitable talent - cybersecurity workforces have grown to an estimated 7.1 million employees globally, but a 28% vacancy rate for these positions implies the ability to address these threats may still be in question (BCG) and OEMs are not well positioned to compete for this talent vs IT firms2.
Automakers will need to evolve their approaches to talent management and data security to help grow their AI capabilities. Best practices include a clear strategic identification of value capture opportunities, corresponding talent management, and top-down cybersecurity & data privacy controls to address an increasing risk surface. We believe companies that keep these considerations in mind are best positioned for long term value creation3.
![]() |
Matas Vala
Investment Grade Credit Research Analyst
|
![]() |
Vice President
|