Upstream Global Automotive Cybersecurity Report 2025

Keypoints

• These reports generally consist of sections such as Executive Summary, Methodology, Threat Landscape, Trends, Regulatory Impact, and Solutions, providing a comprehensive view of cybersecurity risks and mitigation strategies.
• Key statistics highlight a surge in cyber incidents—particularly ransomware—with over 60% involving high or massive impacts affecting thousands to millions of mobility assets in 2024, indicating escalating threat severity.
• Notable trends include increasing remote attacks, manipulation of vehicle systems, and rising activity of black hat actors motivated by scale and impact, especially via deep and dark web channels.
• The reports reveal that attack vectors are expanding, with threats targeting APIs, telematics, infotainment, EV charging infrastructure, V2X communications, and backend systems, leading to more sophisticated exploits.
• Significant findings stress the threat posed by software-defined and autonomous vehicle vulnerabilities, including sensor spoofing, API breaches, and supply chain attacks that could compromise safety and operational continuity.
• Emerging threat actor behaviors focus on data exfiltration and leveraging ransomware-as-a-service models, emphasizing the importance of AI-driven monitoring, threat intelligence, and proactive cybersecurity strategies.
• Regulatory developments, such as the EU AI Act and UNECE WP.29 standards, are influencing industry practices, but the report warns that compliance alone is insufficient without active threat defense measures.
• The reports consistently underline the importance of adopting advanced cybersecurity solutions, such as AI-powered vSOC, vulnerability management, and API security, to bridge the widening cybersecurity gaps in automotive and mobility sectors.