In a world where vehicles are increasingly connected, cybersecurity has become a defining factor in automotive excellence. For Bentley Motors, ensuring cyber security in automotive in the digital age meant going beyond luxury and performance—it meant achieving compliance with the UNECE WP.29 cybersecurity and software update regulations. Partnering with MHP Consulting UK, Bentley became the first OEM to gain certification for both Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS), with zero nonconformities.
Driving compliance through collaboration
Since July 2024, automakers must comply with UNECE regulations to sell vehicles across 56 member states. Recognising the scale of this challenge early, Bentley began developing its cyber security capabilities back in 2021. Chris Cole, Product Line Director at Bentley Motors, led the initiative, recognizing the profound implications of a connected car world.
“As our cars became more connected to the global network, we knew we had to make sure that connection was exceptionally safe for our customers and for us as a business,” Chris explained. “The evolving landscape, in terms of threats and regulation, means this is a continuous journey.” He emphasized that the approach to automotive cybersecurity must be proactive rather than reactive.
To achieve compliance, Bentley worked closely with MHP Consulting, part of the Volkswagen Group. Together, they developed a two-phase programme: first, establishing frameworks and documentation for CSMS and SUMS, and second, operationalising and executing those systems. This thorough approach ensured that all bases were covered and that the Bentley team was well-equipped for the future.
Building a culture of cyber security
This wasn’t just a technical exercise—it was a cultural transformation within Bentley. Cybersecurity was embedded into every stage of operations, from concept and design through to manufacturing, service, and aftersales. Over a two-and-a-half-year period, teams across the business underwent extensive training and process redesigns. “It affected every aspect of operations,” Chris elaborated. “We created new departments, roles, and toolsets to embed cyber resilience into Bentley’s DNA.” This shift highlights the importance of organizational culture in addressing modern cybersecurity challenges.
MHP Consulting’s structured approach proved crucial to Bentley’s success. By pairing a small, focused MHP team with Bentley employees, effective knowledge transfer occurred, ensuring that Bentley could eventually take full ownership of its cybersecurity management. “It’s important for OEMs not to make themselves dependent on service suppliers,” said Bodo Philipp, CEO of MHP Consulting UK. “Our goal was to empower Bentley to manage cybersecurity independently.” This strategy not only provided immediate solutions but also established a sustainable framework moving forward.
Cybersecurity as competitive advantage
Bentley’s commitment to cyber resilience extends far beyond just regulatory compliance. With every new model—from the Bentayga to the Continental GT—cyber security has become an integral part of the brand promise. “We’ve developed this capability to set ourselves as the safest cars in the luxury segment,” Chris stated proudly. “Customers can feel totally protected when they own a Bentley.” This focus on security is not merely a response to regulations; it reflects a fundamental understanding that trust is essential for luxury consumers.
Moreover, this achievement positions Bentley as a leader in the evolving global landscape of automotive cybersecurity. As new regulations emerge in markets such as China, Japan, and the US, Bentley is already setting the stage for the next phase. “Meeting UNECE requirements was just the first step,” Chris added. “Cyber security isn’t a destination—it’s a continuous journey.” This perspective underscores the commitment to maintaining and enhancing cybersecurity measures in an ever-changing technological landscape.
Bodo Philipp is CEO of MHP Consulting UK
A model for the industry
For other OEMs, Bentley’s journey offers valuable lessons: take cybersecurity seriously, secure executive sponsorship, and invest in in-house capability. As Philipp summed up, “Cybersecurity must be treated as a core business priority. It’s not just about compliance—it’s about trust, safety, and the future of mobility.” This changing landscape necessitates a robust and forward-thinking approach to cybersecurity, steering the industry to a path where safety and trust are paramount.
