Upstream Security, the leading provider of cloud-based cybersecurity and data management platform purpose-built for automotive, smart mobility, and IoT ecosystem, released the 2025 Automotive & Smart Mobility Cybersecurity Report. The annual report, returning for its seventh year, highlights that despite the increased regulatory attention, the number, scale, and severity of cyber attacks continues to grow, showing a false sense of security and resilience. Automakers and mobility stakeholders have to go beyond regulations to address the threats causing serious implications for safety, operational availability and data privacy.
Cyber Technology Insights: SRA Watchtower Acquires Lumio Insight for Holistic Risk
The report revealed that in 2024, 60% of cybersecurity incidents in the automotive and smart mobility sectors affected thousands to millions of mobility assets, including vehicles, EV charging stations, smart mobility apps, and connected devices. Notably, massive-scale incidents—each impacting millions of vehicles—more than tripled, rising from 5% in 2023 to 19% in 2024. This sharp increase highlights the urgent need for organizations to prioritize resilience by extending their cybersecurity efforts beyond regulatory compliance.
The rise of software-defined and autonomous vehicles has introduced new vulnerabilities, leading to a widening cybersecurity gap. Additionally, critical infrastructure in smart mobility devices, like EV chargers and fleet management systems, has expanded the attack surface and magnified the stakes. Mobility-specific ransomware attacks surged in 2024 causing unprecedented disruptions with 108 reported ransom attacks and 214 data breaches. One of the most impactful incidents was a ransomware attack in June on a leading US-based software provider used by 15,000 automotive dealerships which resulted in halted operations for nearly three weeks, estimating losses at $1.02 billion.
“The cybersecurity landscape across the Automotive and Smart Mobility ecosystem is poised to become more complex than ever,” said Yoav Levy, CEO and co-founder of Upstream. “Cyber threats are evolving faster than the industry is prepared to handle, outpacing regulation-driven measures. Threat actors have already shifted toward large-scale, sophisticated and AI-powered attack methods, targeting not only vehicles but also interconnected systems such as EV charging infrastructure, API-driven apps, and smart mobility IoT devices. This growing attack surface demands a transformative and proactive approach to cybersecurity.”
Cyberattacks in 2024 became more sophisticated and frequent, targeting vehicles and backend systems, as well as smart mobility platforms, devices, and applications. 65% of publicly reported cyber incidents were carried out by black hat actors with malicious intent. 92% of attacks were executed remotely, supporting the surge in scale and impact, of which 85% were long-range and did not require any physical proximity to the targeted asset. The ecosystem experienced a significant surge in telematics and application server attacks in 2024— 43% of incidents in 2023 rising to 66% in 2024.
In addition to monitoring publicly reported cyber incidents, Upstream’s AutoThreat® team monitors the deep and dark web for threat actors targeting connected vehicles, mobility applications and devices. When zooming in on deep and dark web activities carried out by black hat hackers, 70% activities had the potential to impact thousands to millions of mobility assets and over 76% targeted multiple stakeholders and had a global reach.
Additional key findings in the report include:
2024 saw 409 new incidents (up from 295 in 2023), contributing to a total of 1,877 documented cases since 2010.
The dramatic rise in incidents is largely attributed to a sharp escalation in ransomware attacks targeting the mobility sector.
Data and privacy-related incidents accounted for 60% of 2024 incidents, up 20% from 2023.
The percentage of incidents involving car system manipulation and control of vehicle systems increased dramatically in 2024, accounting for over 35% of incidents.
Cyber Technology Insights: Enzoic Reports Surge in Fortune 500 Account Breaches
To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com
Source – prnewswire
