Electric vehicles’ charging software: What businesses need to know

Across Europe and the UK there are currently over three quarters of a million electric vehicle (EV) charging points¹, with this figure expected to continue increasing to meet public demand and government targets. EV charging software, which enables EV chargers to operate and provides optimisation tools for EV charging, brings many significant benefits to users but with some risks to consider. In this article, we will explore how it operates, the risks involved and what businesses should be aware of.

At its core, EV charging software manages and optimises the charging of vehicles, both individually and across the station or grid, and handles billing and payments.

For consumers, EV charging software finds and suggests charging points and initiates charging sessions, processes payments and provides basic monitoring of charging. For businesses, advanced management features in commercial EV software allow users to track vehicle location, battery levels and charging schedules. Additionally, the software enables them to understand exactly how their fleet is performing, utilise low-cost charging periods and provide route optimisation for efficient energy use. However, using such tools can come with risks, as will be outlined below.

Charging network interruption – A cyber attack to EV charging software could cause significant outages across the EV charging network. Additionally, an attack could encrypt the charging software and allow all charging points to be open for free or disable them entirely, losing money for the charging company and be liable for penalties from the energy provider. Charging customers may decide to charge elsewhere and could lose confidence in the charging provider.

Smart grid disruption – Cyber attacks could disrupt the smart grid by interfering with network stability. For example, an attack could manipulate the communication from EV chargers to the grid, causing a sudden surge in demand or mass shut down of charging stations. This manipulation could overwhelm the grid’s ability to maintain the flow of electricity, which could lead to power outages.

Data theft or manipulation – As EV charging software companies host their customers’ data on their servers, a cyber attack, software glitch or malfunction could compromise businesses’ fleet data, PII and payment details or even lead to monetary theft. If this is outsourced, the charging software provider needs to make sure that the third-party processor has appropriate security controls in place.

Malware – Hackers could inject malware into vehicles when they are plugged in to charge, or other systems connected to the grid. Thus, the risk extends beyond the charging infrastructure and the vehicle or fleet performance itself could also be impacted. For example, malware could potentially disrupt commercial fleets and their ability to deliver goods or services.

Software malfunctions - As with any software product, there is the possibility that defects in the platform could cause malfunctions. This could result in a variety of outcomes including incorrect billing, issues with voltage and power flow, or damage to the equipment.

Physical controls – access controls, safety hardware and tamper prevention measures can become damaged or faulty, leading to unauthorised access or voltage issues.

Integration issues – Different charging stations and software systems may not always communicate smoothly. This can lead to compatibility problems, hindering operations and causing frustration for users.

Evaluate the company – If a business decides to implement EV charging points on their property, doing due diligence on the EV charging software company is a must. Identify that they are compliant with relevant legislation, such as the Alternative Fuels Infrastructure Regulation (AFIR) and IEC 61851 in the EU and the Electric Vehicles (Smart Charge Points) Regulations 2021 and Public Charge Point Regulations 2023 (PCPR) in the UK.

Cyber hygiene – Maintaining good cyber hygiene protocols can help to protect EV charging software or related apps. This means updating software when new versions become available to ensure any bugs or vulnerabilities are addressed. Consider educating EV network users on how they can best protect their accounts from unauthorised access.

Physical protection – Implementing security measures can mitigate the risk of software manipulation and data theft. For depot-based chargers with open charging connections, physically protecting chargers and charging areas can help to prevent unauthorised use.

Performance monitoring – Proactively monitor the physical health of the EV charging products on site to ensure they’re performing optimally, for example by using monitoring technology. It may be beneficial to have a Network Operating Center (NOC) and Security Operating Center (SOC) to monitor performance and security issues, and escalation procedures in place to manage incidents.

Forward planning – Developing a resilient Incident Response Plan can enable preparedness should the EV charging system be hit with an attack, and a Business Continuity Plan would help to get operations back up and running if an attack occurs.

As detailed in this article, EV charging brings significant benefits to businesses, such as vehicle use optimisation, cost and performance, or provides an additional revenue stream. However, there are some significant risks associated with EV charging software. Working in close partnership with their insurance broker and carrier will help businesses to understand the risks that will affect them.

As one of our Industry Practices, Chubb Climate+ draws on our extensive technical capabilities in underwriting and risk engineering and provides a full spectrum of insurance products and services to businesses involved in the journey to net zero. Contact us today to find out more about our client centric insurance solutions for climate-related businesses.