The company’s advisory-led approach helps organisations identify risks early and build strong frameworks to manage them with confidence and clarity.
The automotive industry is changing faster than ever before. Vehicles are no longer just mechanical machines. They are becoming connected, digital platforms powered by software, electronics and data. With this transformation, new opportunities are emerging—but so are new risks.
During an interaction with this publication, Mr. Saurav Kumar, Managing Director, Protiviti Member Firm for India, explained how consulting firms are helping automotive companies navigate this rapidly evolving landscape.
Advisory Focus
Protiviti positions itself differently within the consulting ecosystem. Unlike the Big Four firms, the company focuses purely on advisory services. It does not undertake statutory or tax audits, allowing it to concentrate entirely on areas such as risk management, technology consulting, strategy and internal audit.
Founded in the early 2000s, Protiviti has steadily built a strong global presence. In risk management and internal audit services, the firm’s scale today is comparable to—and in some areas even larger than—some of the Big Four consulting firms. This advisory-driven approach allows the firm to work closely with organisations in identifying risks and building frameworks to manage them effectively.
Cyber Risks
One of the biggest concerns for the automotive industry today is cybersecurity. As vehicles become more connected and digitally integrated, the risk of cyber threats continues to grow. Protiviti has established a dedicated cybersecurity competency center that focuses on both IT security and operational technology (OT) security. The company provides services such as penetration testing, cyber risk audits, red teaming and blue teaming, often using established frameworks like NIST. Beyond advisory services, it also works alongside clients’ teams to strengthen internal cybersecurity capabilities and operational resilience.
Connected Vehicles
In the past, cybersecurity efforts in the automotive sector were largely focused on enterprise IT networks. However, the rise of connected vehicles has expanded the risk landscape. Today, vehicles are integrated with digital platforms, sensors and communication networks. This has introduced new vulnerabilities.
According to Mr. Kumar, the company works with automotive manufacturers and component suppliers to strengthen cybersecurity around connected vehicle programmes and electronic control units. The firm also evaluates the security of industrial control systems, SCADA environments and manufacturing execution systems used in smart factories.
Digital Complexity
The emergence of software-defined vehicles has made the automotive ecosystem far more complex. Vehicles now involve multiple suppliers, software layers, IoT systems and digital services. This expanding ecosystem increases the potential attack surface for cyber threats. To address this challenge, Protiviti helps companies build what it calls a “risk universe.” This involves identifying all potential risks across the digital ecosystem and creating mitigation strategies that improve operational resilience and regulatory compliance.
In most cases, Protiviti begins its engagement with large OEMs. Once strategic initiatives are defined, the work often extends across the supply chain, involving Tier 1 and Tier 2 suppliers to ensure consistent risk management practices.
AI Adoption
Artificial intelligence is also becoming an integral part of enterprise transformation. Protiviti increasingly incorporates AI into its consulting engagements. Internally, the firm uses AI tools to improve deliverables and generate insights through cross-client benchmarking. For clients, AI solutions are typically developed collaboratively. In many projects, use cases begin at the hypothesis stage and are refined together with the client.
For example, the firm is currently working with an automotive component manufacturer on predictive maintenance and production cycle-time optimisation. Another project with a large OEM involves building an AI-based cognitive contract management system. Because the AI ecosystem is still evolving, many of these solutions are tailored to specific operational challenges, he mentioned.
Supply Visibility
Looking ahead, one of the biggest risks facing the automotive industry is supply chain disruption. Recent geopolitical tensions have exposed a major weakness in the industry—limited visibility beyond Tier-1 and Tier-2 suppliers. Many manufacturers lack clear insights into Tier-3 and Tier-4 suppliers, particularly when it comes to raw material sourcing. Improving supply chain visibility is becoming critical not only for operational continuity but also for meeting sustainability and regulatory requirements, he clarified.
Mr. Kumar insisted that companies must ensure ethical sourcing, green procurement and compliance with regulations such as GDPR and India’s Digital Personal Data Protection (DPDP) framework. As the industry transitions toward electric vehicles, connected mobility and software-driven platforms, the risk landscape will continue to evolve.
In many ways, vehicles today are beginning to resemble smartphones on wheels—highly sophisticated, digitally connected technology platforms. For automotive manufacturers, managing this complexity will require stronger risk frameworks, smarter technology adoption and deeper collaboration across the entire ecosystem, he summed up.
