Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity Report released today reveals that 60% of cybersecurity incidents in the automotive and smart mobility sectors in 2024 affected thousands to millions of mobility assets including vehicles, EV charging stations, smart mobility apps, and connected devices. Notably, massive-scale incidents—each impacting millions of vehicles—more than tripled, rising from 5% in 2023 to 19% in 2024. Company execs say that the sharp increase highlights the urgent need for organizations to prioritize resilience by extending their cybersecurity efforts beyond regulatory compliance.
The rise of software-defined and autonomous vehicles (SDVs and AVs) has introduced new vulnerabilities, leading to a widening cybersecurity gap. Critical infrastructure in smart mobility devices, like EV chargers and fleet management systems, has expanded the attack surface and magnified the stakes.
Mobility-specific ransomware attacks surged in 2024, causing “unprecedented disruptions,” with 108 reported ransom attacks and 214 data breaches. One of the most impactful incidents was a ransomware attack in June on a leading U.S.-based software provider used by 15,000 automotive dealerships, which halted operations for nearly three weeks and caused losses estimated at $1.02 billion, according to consulting firm Anderson Economic Group, LLC.
“The cybersecurity landscape across the automotive and smart mobility ecosystem is poised to become more complex than ever,” said Yoav Levy, CEO and Co-founder of Upstream. “Cyber threats are evolving faster than the industry is prepared to handle, outpacing regulation-driven measures. Threat actors have already shifted toward large-scale, sophisticated, and AI-powered attack methods, targeting not only vehicles but also interconnected systems such as EV charging infrastructure, API-driven apps, and smart mobility IoT devices. This growing attack surface demands a transformative and proactive approach to cybersecurity.”
Cyberattacks in 2024 became more sophisticated and frequent, targeting vehicles and backend systems as well as smart mobility platforms, devices, and applications. Among the key findings, 65% of publicly reported cyber incidents were carried out by black hat actors with malicious intent. About 92% of attacks were executed remotely, supporting the surge in scale and impact; of those remote attacks, 85% were long-range and did not require any physical proximity to the targeted asset. The ecosystem experienced a significant surge in telematics and application server attacks, which rose from 43% of incidents in 2023 to 66% in 2024.
In addition to monitoring publicly reported cyber incidents, Upstream’s AutoThreat team monitors the deep and dark web for threat actors targeting connected vehicles, mobility applications, and devices. Regarding black hat hackers, 70% of their activities had the potential to impact thousands to millions of mobility assets, and over 76% targeted multiple stakeholders and had a global reach.
Additional findings in the report include that 2024 saw 409 new incidents (up from 295 in 2023), contributing to a total of 1877 documented cases since 2010. The dramatic rise in incidents is largely attributed to a sharp escalation in ransomware attacks targeting the mobility sector. Data and privacy-related incidents accounted for 60% of 2024 incidents, up 20% from 2023. The percentage of incidents involving car system manipulation and control of vehicle systems increased dramatically in 2024, accounting for over 35% of incidents.
The report covers a range of topics including China’s strategic automotive investments and impact on the cyber landscape, EV charging infrastructure risks, 2024’s attack vectors, and today’s regulatory reality.
In a pre-brief with the media, Shira Saris-Hausirer, Vice President of Marketing at Upstream, emphasized the report’s identification of a cyber gap. She says that there was an inflection point last year that started to show a separation between how OEMs and other stakeholders perceive cyber risk.
They are primarily motivated by regulation, in this case, the most prominent being the UNECE WP.29 R155 for Cyber Security Management System. OEMs and suppliers have been implementing measures for type approval alongside WP.29 R156 for the Software Update Management System. However, a critical milestone based on the second phase of R155 made compliance mandatory for all new vehicles entering production from July 2024. Some OEMs discontinued specific models, most notably Porsche with its Macan, due to anticipated R155 compliance challenges and the impending second milestone deadline.
China has also started to push out new cybersecurity regulations, so the global OEMs wanting to be active in the market will have to adapt. Similar to R155, the Chinese GB 44495 rule sets technical and testing requirements for vehicle cybersecurity for OEMs.
Saris-Hausirer is also keeping an eye on the U.S. rule, finalized during the transition of executive administrations, that essentially bans all software and hardware coming from China in the next five years. It is unclear what the current administration will decide to do, or what the effect on cybersecurity will be, but Upstream execs are watching those developments closely.
On top of increasing regulation, as more technologies are introduced to the market in the form of software-defined architectures and autonomy, the risk is accelerating at a much faster pace.
“All the stakeholders need to think outside of the box,” concluded Saris-Hausirer. “Real-time monitoring is a must, especially when it comes to operational systems. In the short term, we’re seeing that the Chinese initiatives are bound to reshape our industry as we know it and have already made a dramatic financial impact from a cybersecurity perspective. So, it’s interesting to see how those will shape up in the next year or so.”
- Upstream Security’s AutoThreat platform.
- Upstream Security breakdown of 2021-2024 publicly disclosed cybersecurity incidents by potential scale.
- Upstream Security: threat actors are leveraging backend systems to achieve scale.