Cyber Risk Is Compounding. Automotive Governance Is Still Linear.

VicOne 2026 Automotive Cybersecurity Report

Automotive cyber risk no longer follows a clean sequence. Traditional platforms, software-defined systems, connected services, and AI-enabled functions now operate simultaneously inside the same vehicle ecosystem. Risk overlaps. It compounds. It accelerates. Most automotive organizations still govern risk as if these systems were separate. This report explains why continuing to govern cyber risk the same way is becoming a critical business exposure.

Download VicOne 2026 Automotive Cybersecurity Report

Overlap Era Why Automotive Cyber Risk No Longer Fits a Single Governance Model

This report does not describe future threats. It explains why today’s automotive cyber incidents already create business impact that traditional security structures can no longer contain. The findings are grounded in real-world incidents, Pwn2Own Automotive zero-day discoveries, dark and deep web intelligence, and open-source intelligence.

ATTACK SURFACE IS EXPANDING.
ACCOUNTABILITY IS NOT KEEPING UP.

ATTACK SURFACE IS EXPANDING. ACCOUNTABILITY IS NOT KEEPING UP. From isolated systems to overlapping risk domains

Compared to 2024, attacks now routinely span enterprise IT systems (e.g., ransomware attacks and data leakage), off-board systems, and in-vehicle systems at the same time. This is not a shift in attacker behavior. It is a shift in how automotive systems are built.

Governance still manages risk as if these systems were separate. Ownership, accountability, and decision authority remain fragmented.

Systems have converged. Accountability has fractured.

CYBER INCIDENTS NO LONGER STAY INSIDE ONE ORGANIZATION.

CYBER INCIDENTS NO LONGER STAY INSIDE ONE ORGANIZATION. From local incidents to global impact

Compared to 2024, incidents impacting multiple subsidiaries or business units have more than tripled. In 2025, 161 of 610 cases became global incidents.

Automotive cyber risk is no longer a technical problem. It is a cross-region, cross-supply-chain governance challenge.

As software platforms and OTA infrastructures become more centralized, the impact of a single security failure expands rapidly across the entire organization.

33% OF CYBER RISK NOW DIRECTLY IMPACTS DRIVER EXPERIENCE.

33% OF CYBER RISK NOW DIRECTLY IMPACTS DRIVER EXPERIENCE.

Recent data confirms a structural shift. Attackers still target enterprise IT systems. They are now extending attacks into user-facing integration layers, moving upward in the vehicle architecture. This signals a new level of attacker maturity.

In-vehicle systems have emerged as the primary target, accounting for nearly 40% of observed attacks. These are the systems drivers interact with every day.

As cyber risk moves closer to the driver, failures become visible incidents that directly shape trust, buying decisions, and brand value. As insurance coverage lags behind system complexity, more losses shift back to manufacturers.

11% OF CYBER RISK LIVES OUTSIDE WHAT YOU CAN GOVERN.

11% OF CYBER RISK LIVES OUTSIDE WHAT YOU CAN GOVERN.

A false sense of governance

89%
of automotive vulnerabilities are visible through CVEs. That creates confidence. But it creates blind spots.
11% live outside the CVE system.
They come from zero-day discoveries, independent research, and internal testing. Since 2024, 174 zero-day vulnerabilities have been uncovered through Pwn2Own Automotive. These risks existed in production environments before governance systems were aware of them.
Risk Icon
When vulnerabilities fall outside governance, executives are forced into reaction mode. Decisions follow incidents, not risk.
Risk Icon
This demands a governance model that connects risk across domains, accounts for vulnerabilities beyond CVEs, and turns technical signals into accountable decisions.
WHEN CRITICAL RISK OUTLIVES PRODUCTS, EXPOSURE BECOMES STRUCTURAL.

WHEN CRITICAL RISK OUTLIVES PRODUCTS, EXPOSURE BECOMES STRUCTURAL.

Critical and high-severity vulnerabilities are not just increasing. They are accumulating.

These are the hardest issues to fix. They require long engineering cycles and limited update windows. As their number grows, remediation capacity is compressed. The backlog expands faster than it can be reduced.

In an industry built on long product lifecycles and shared platforms, high-severity risk does not disappear. It carries forward across generations—becoming long-term operational and financial drag rather than a one-time security cost. Over time, this drag constrains investment flexibility and product strategy.

Risk will outlive products. Accountability must outlive releases.

Maintain the Old, Defend the New How Automotive Cyber Risk Has Shifted Across Vehicle Domains.

Automotive organizations are now required to manage risk across traditional vehicle platforms, software-defined systems, and AI-defined technologies simultaneously. The Past, Present, and Future framework helps leaders identify where risk concentrates today and how it shifts as vehicle technologies continue to evolve across major vehicle functional domains.

IVI AND SMART COCKPIT SYSTEMS: Infotainment Threats

PAST
Past
Insecure Bluetooth/Wi-Fi
USB-based exploits
Browser vulnerabilities
PRESENT
Present
Supply chain attacks
OTA-based exploits
Cloud API attacks
FUTURE
Future
AI-powered attacks
V2X exploitation
Prompt injection attacks

ADVANCED DRIVER ASSISTANCE SYSTEMS: ADAS Threats

PAST
Past
Hardware and software weaknesses
Unpredictable human behavior
PRESENT
Present
LiDAR and camera attacks
GNSS spoofing
FUTURE
Future
Distributed AI risks
V2X exploitation

POWERTRAIN: Powertrain Threats

PAST
Past
Jailbreaking
Diagnostics abuse
Hardware isolation
PRESENT
Present
BMS manipulation
Spoofing battery sensor feedback
FUTURE
Future
Adversarial grid manipulation
Powertrain model decision bias

BODY CONTROL AND ACCESS SYSTEMS: Body Control Threats

PAST
Past
Replay and relay attacks
CAN injection
PRESENT
Present
Rolling jam
Key programming
FUTURE
Future
Cryptanalysis
Positioning and timing spoofing

EV CHARGING INFRASTRUCTURE

PAST
Past
Brokenwire attacks
USB-based exploits
PRESENT
Present
OTA update hijacking
API and entry point exploits
Charging station management system (CSMS) vulnerabilities
FUTURE
Future
Botnet-driven grid destabilization
Insecure by design

AI-DEFINED VEHICLES (AIDV): Emerging AI Threats

AIDV

A Practical Path Forward in the Overlap Era

The automotive industry is entering an unprecedented era of overlapping risk domains. Success in the Overlap Era will depend on how well accountability is aligned across domains.

Ensuring OEMs can make decisions under pressure

Governance can no longer be structured around individual systems or organizational silos. As risk increasingly spans vehicle domains, enterprise IT, supply chains, and dealer environments, accountability must align with how risk propagates in practice. This enables faster, more consistent decision-making when incidents escalate.

Ensuring risk can be recalculated in real-time

Static risk models and periodic assessments are insufficient for event-driven, cross-domain attacks. Organizations need the ability to continuously recalculate risk by integrating threat intelligence, operational telemetry, and exposure data. This creates a shared, up-to-date view of risk that supports informed prioritization as conditions change.

Ensuring OEMs evolve faster than attackers

As attackers increasingly leverage automation and AI, defensive capabilities must evolve at the same pace. AI-enabled testing and red teaming transform point-in-time assessments into continuous learning loops. Insights from real attack paths feed back into risk computation, enabling organizations to adapt faster and reduce time-to-response.

Your cybersecurity decisions today will shape the next decade of vehicle trust.

THE FUTURE OF
AUTOMOTIVE
CYBERSECURITY

The Predictions for 2026

Cyber Incidents Become Leadership Stress Tests

Cyber incidents are no longer judged as technical failures. They are leadership stress tests, where public trust is defined by the speed and clarity of executive response.

AI Training Data Becomes the New Supply Chain Risk

As vehicles become AI-defined, compromised training data introduces a persistent risk that can shape vehicle behavior across generations and cannot be easily remediated.

Ransomware Becomes A Fleet Shutdown Weapon

Ransomware is evolving from data theft to fleet-level operational paralysis. Cyber risk will be measured by availability and revenue continuity, not just data loss.

One OTA Breach Becomes A Boardroom Crisis

Centralized OTA trust means a single breach can impact fleets at scale. Under pressure, slow decisions can rapidly escalate into mass recalls and substantial operational cost.