
“The automotive industry will eventually wake up to cyber attacks. It's a pandemic that's just waiting for an outbreak.”
A new report finds ransomware rising in connected vehicles, as experts warn that shared digital infrastructure could amplify future risks.
A new report analyzing 494 publicly reported cybersecurity incidents worldwide in 2025 across the automotive and smart mobility ecosystem does not point to a mass consumer crisis. But the composition of those incidents suggests a structural shift in risk.
According to the 2026 Global Automotive and Smart Mobility Cybersecurity Report by Upstream Security, 44% of last year’s incidents were ransomware-related, more than double the share recorded in 2024. Ninety-two percent of attacks were conducted remotely, and most required no physical proximity to the vehicle.
Yigal Unna, former head of the Israel National Cyber Directorate.
(Photo: Clarity Sec)
The numbers remain modest relative to the size of the global automotive industry. Yet the growing concentration around remote access, cloud infrastructure, and ransomware is drawing attention from policymakers and security experts.
“The automotive industry will eventually wake up once it rises from 494 attacks to 49,000 - and it will very quickly. Because it's easy; it's all the same machines with no defense, with the same connectivity. It's a pandemic that's just waiting to have an outbreak,” said Yigal Unna, former head of the Israel National Cyber Directorate.
His concern is less about how many attacks are happening today and more about how similar these systems are to each other. Modern cars, trucking fleets, and logistics networks often run on the same kinds of software, cloud services, and remote management systems. If a weakness is found in one of them, it could potentially be used against many others in the same way.
Upstream’s report found that 67% of incidents involved telematics and cloud systems, underscoring that exposure increasingly sits in backend infrastructure, APIs, and remote management platforms rather than in physical tampering with vehicles.
That reflects a broader technological shift within the industry.
“The real revolution is within computerizing: boosting the capabilities of everything within the car with computers, with information technology from the highest end. But it all comes with a huge cost of exposure, of mobility, of communication,” Unna said.
Over the past several years, vehicles have evolved into connected computing platforms. Over-the-air software updates, cloud-based diagnostics, fleet management dashboards, and companion apps have improved efficiency and lowered maintenance costs. At the same time, they have expanded the attack surface beyond the vehicle itself.
The implications are different for private drivers and for commercial fleets. A compromised infotainment system is a nuisance. A coordinated attack on heavy trucks, buses, or emergency vehicles could disrupt supply chains or critical services.
Upstream’s report notes that some of 2025’s most severe incidents triggered operational disruptions across manufacturers and suppliers. In one case, a cyberattack on a European OEM reportedly halted production for weeks and had broader economic effects.
Still, 494 publicly disclosed incidents globally does not amount to a systemic breakdown. The sector remains in a transitional phase, where risks are emerging alongside rapid digitization.
The question is what would push the issue beyond industry circles and into the public domain.
“I don’t want to give any ideas to attackers - but once there's a series of non-isolated attacks that will take lives, I think then very quickly we'll see a huge outcry,” Unna said.
In his view, regulators often act decisively only after visible harm. He pointed to aviation security reforms that were adopted globally after major attacks, even though technical solutions had existed for years.
Some regulators are already moving. In Israel, baseline cybersecurity requirements are being incorporated into vehicle licensing processes. Internationally, automotive cybersecurity standards such as UNECE WP.29 have begun mandating risk management and software update governance frameworks for manufacturers.
The broader challenge is ensuring that defense keeps pace with offense. Cyber threats evolve quickly, particularly as attackers leverage AI tools to automate reconnaissance and exploitation. Automotive development cycles and regulatory processes move more slowly.
Several companies besides Upstream are tackling the problem, including Israel's Enigmatos, which monitors vehicle control units to identify and mitigate various cyber threats in real time.
For now, the data points to a sector under pressure rather than in crisis. The number of publicly reported incidents remains limited, but ransomware’s growing share and the dominance of remote attack vectors suggest that the industry’s expanding digital backbone is becoming a focal point for organized threat actors. The exposure lies less in cinematic vehicle takeovers and more in standardized, cloud-connected systems that manage fleets, updates, and operations at scale.
According to Unna, whether automotive cybersecurity becomes a broader public issue may depend not on incremental increases in reported incidents, but on the nature of the first truly consequential event: “Unfortunately, we usually wait for tragedy to strike, and only then do we take action.”













