By CyberThreat Research Lab
The automotive industry is accelerating toward new frontiers, propelled by AI-powered enhancements, advances in electric vehicle (EV) charging infrastructure, and the rise of software-defined vehicles (SDVs), to name but a few. Understanding such shifts and the challenges that accompany them is key to ensuring that cybersecurity keeps pace with innovation in the industry.
Our latest annual report, “Shifting Gears: VicOne 2025 Automotive Cybersecurity Report,” explores how evolving cyber risks are challenging traditional defenses.
Here’s what’s changing in the automotive threat landscape — and what it means for cybersecurity strategies moving forward.
Supply chain weak links: gateways to large-scale attacks
While supply chain threats accounted for most discovered vulnerabilities in 2024, they have yet to materialize into large-scale incidents. However, this should not be mistaken for safety — rather, it presents a window of opportunity to strengthen defenses. As vehicle platforms become more standardized and interconnected, attackers will find more avenues to exploit weak links in the supply chain. Automakers must prioritize proactive risk mitigation to prevent supply chain vulnerabilities from escalating into industrywide crises.
Key takeaway: Strengthening supply chain security isn’t optional — it’s critical to preventing large-scale cyberattacks.
Figure 1. Number of vulnerabilities associated with automotive cybersecurity threats published each year from 2014 to 2024
Vulnerability exploits: hidden triggers behind real-world incidents
Our research highlights a correlation between documented Common Vulnerabilities and Exposures (CVEs) and real-world automotive cybersecurity incidents, particularly those involving vehicle hijacking. In 2024, vehicle hijacking threats were the second most prominent incidents recorded. These incidents primarily stemmed from onboard system vulnerabilities, which accounted for over three quarters of automotive vulnerabilities published last year.
Key takeaway: Vulnerability disclosures highlight real security gaps, making timely mitigation essential to prevent exploitation.
Figure 2. Most prevalent automotive cybersecurity threats in 2024 based on analyzed incidents
Cloud and back-end platforms: the new battleground for cybercrime
Cloud-based systems — which are essential to such applications as vehicle data storage, over-the-air (OTA) updates, and fleet management — have become prime targets for ransomware attacks and data breaches. With the growing integration of vehicle-to-cloud (V2C) communication, cloud-related vulnerabilities have shown a relatively steady increase since 2019, with spikes in 2022 and 2024. The expansion of back-end IT infrastructure has made cloud-based systems a significant attack surface for cybercriminal exploitation.
Key takeaway: Securing cloud-based automotive systems is vital as vehicle connectivity continues to expand.
Figure 3. Number of domain-related automotive vulnerabilities published each year from 2014 to 2024
EV charging infrastructure: a growing risk in third-party integrations
EV charging infrastructure emerged as one of the most frequently targeted areas of the automotive ecosystem in 2024. Most third-party integration risk incidents that we analyzed were linked to EV charging systems. Not only did EV charging–related vulnerabilities rank among the most reported issues of the year, but their number also increased significantly from 2023. These vulnerabilities pose risks beyond individual vehicles, potentially impacting user data and even power grid stability. Securing third-party systems, particularly for EV charging infrastructure, will be a key cybersecurity priority in 2025.
Key takeaway: As EV adoption grows, securing charging networks will be just as important as protecting vehicles themselves.
Figure 4. Distribution of automotive vulnerabilities published each year from 2022 to 2024 by affected system or component
The automotive industry: a lucrative target for cyberattacks
The automotive industry presents an attractive target for cybercriminals because of its vast volumes of valuable data, complex supply chains, and high financial stakes. In 2024, the estimated cost of cyberattacks on the industry continued its sharp upward trajectory, totaling US$22.5 billion in losses due to three key cost factors: data leakage, system downtime, and ransomware damage.
Key takeaway: The financial toll of cyberattacks on the automotive industry is skyrocketing — demanding urgent and strategic cybersecurity investments.
| Cost | 2022 | 2023 | 2024 |
|---|---|---|---|
| Data leakage | $4.0M | $9.7B | $20.0B |
| System downtime | $802.7M | $2.5B | $1.9B |
| Ransomware damage | $242.8M | $523.6M | $538.2M |
| Total | $1.0B | $12.8B | $22.5B |
Table 1. Estimated cost of cyberattacks from 2022 to 2024 in US dollars
Defending against evolving cyberthreats: a strategic imperative
Automotive cyberthreats have moved past exploits of hardware-level vulnerabilities; modern attacks now increasingly target onboard systems, cloud infrastructure, and vehicle control mechanisms. Recognizing this shift is essential for anticipating what lies ahead for 2025 and beyond — and for preparing the necessary defenses to confront evolving risks head-on.
Automakers must adopt a robust and proactive cybersecurity strategy to counter emerging threats effectively. We outline key measures to enhance security across supply chains, in-vehicle systems, connected platforms, and software development practices:
- Strengthen supply chain security. With supply chain threats accounting for the majority of threats associated with reported vulnerabilities from the past decade, automakers must:
- Enforce rigorous supplier security evaluations.
- Implement software bills of materials (SBOMs) to track software dependencies.
- Secure firmware and hardware development processes against potential threats.
- Enhance in-vehicle security. To mitigate risks associated with onboard systems, automakers must:
- Implement secure boot mechanisms to prevent unauthorized firmware modifications.
- Conduct continuous security assessments and vulnerability scans.
- Strengthen firmware integrity verification methods.
- Secure connected and cloud-based systems. As vehicle connectivity grows, automakers must:
- Adopt a zero trust architecture (ZTA) to secure vehicle-cloud data exchanges.
- Ensure robust end-to-end encryption in cloud communication.
- Enhance API security to prevent unauthorized third-party access.
- Improve software development security. To reduce security risks in automotive software development, automakers must:
- Implement secure software development lifecycle (SDLC) practices.
- Restrict access to testing and diagnostic tools.
- Conduct continuous security assessments throughout the software update cycle.
Key insights and perspectives: navigating the shifting landscape of automotive cybersecurity
Beyond a review of the threat landscape, our full report provides insights into automotive cybersecurity through the lens of industry trends (such as the push for AI, SDVs, and regulations) and highlights (including Pwn2Own Automotive, case studies, and the cybercriminal underground). It also offers broader recommendations and pertinent predictions to help automakers and other industry stakeholders adapt to an automotive cybersecurity landscape in a state of constant flux.
Download “Shifting Gears: VicOne 2025 Automotive Cybersecurity Report” to dive deeper into the driving forces and expert perspectives shaping the future of vehicle protection — and to ensure you’re prepared for the road ahead.
