Upstream Global Automotive Cybersecurity Report 2024

Keypoints

• The report is structured into sections such as executive summaries, threat analyses, regulatory updates, attack vectors, cybersecurity solutions, and future predictions, providing a comprehensive view of the industry’s cybersecurity landscape.
• It highlights key statistics, including a doubling in incidents with “High” or “Massive” impact in 2023 to nearly 50%, and the increase in large-scale cybersecurity breaches affecting millions of assets worldwide.
• A notable trend is the proliferation of diverse attack vectors in 2023, such as OTA updates, APIs, ECUs, and EV charging infrastructure, reflecting increasingly sophisticated threat techniques.
• The report underscores the expanding role of deep and dark web activities, where nearly 65% of cyber incidents threaten thousands to millions of mobility assets, with threat actors targeting multiple stakeholders across the ecosystem.
• Recurring themes include the shift of threat actor motivation towards scale and impact, the financial consequences of breaches—such as ransomware demands reaching $70 million—and the integration of AI, particularly GenAI, to enhance cybersecurity tools and responses.
• It discusses the evolution of regulations like UNECE WP.29 R155, ISO/SAE 21434, and EU Cyber Resilience Act, which are shaping the industry’s cybersecurity compliance efforts globally.
• The report stresses the importance of multi-layered security architectures, continuous vehicle lifecycle protection, and proactive threat intelligence to mitigate emerging risks, with innovative platforms like Upstream’s AutoThreat® playing a key role.
• Predictions for 2024 include the transformative impact of GenAI, increased API security focus, and ongoing regulatory developments to address the evolving threat landscape.