Navigation
Introduction
Automotive Cyber Security Statistics highlight the increasing need to protect connected, software-driven vehicles from evolving cyber threats as modern vehicles become more reliant on connectivity, advanced electronics, cloud platforms, and over-the-air updates.
These statistics provide insight into the scale of vehicle-related cyber risks, common attack methods, the adoption of security technologies, and compliance with emerging automotive regulations and standards.
By analyzing trends across passenger vehicles, commercial fleets, electric vehicles, and autonomous systems, automotive cybersecurity statistics help stakeholders understand risk exposure, assess preparedness levels, and evaluate the effectiveness of security strategies within the rapidly digitizing automotive ecosystem.
Editor’s Choice
- The Automotive Cyber Security market is anticipated to be USD 22.2 billion by 2032. It is estimated to record a steady CAGR of 22%.
- The share of automotive cyber incidents classified as having a high or massive impact rose sharply, doubling between 2022 and 2023 and now representing nearly 50% of all recorded incidents.
- Remote attack methods dominate the threat landscape, accounting for 95% of automotive cyberattacks, carried out without physical access to the vehicle or its systems.
- A majority of incidents are attributed to malicious threat actors, as 64% of attacks were executed by black hat groups.
- Threat actor behaviour is increasingly focused on large-scale disruption rather than isolated targets, reflecting a shift toward broader-impact strategies.
- Analysis of deep- and dark-web activity shows that 65% of observed cyber activities had the potential to affect thousands to millions of mobility assets.
- Additionally, 37% of deep- and dark-web cyber activities were found to have the potential to impact multiple stakeholders across the global automotive and mobility ecosystem.
Severity and Scale of Cyber Risks in the Automotive Ecosystem
- The severity of automotive cyber incidents has increased significantly, with cases classified as high or massive impact rising sharply and now accounting for nearly 50% of all reported incidents, up from the previous year.
- Cyber threats targeting vehicles and mobility systems are overwhelmingly remote, with 95% of attacks executed without requiring direct physical access.
- Malicious actors continue to dominate the threat landscape, with 64% of automotive cyberattacks attributed to black hat attackers.
- Threat actor strategies are increasingly focused on scale, aiming to maximize disruption and financial or operational impact rather than targeting isolated systems.
- Insights from deep- and dark-web monitoring indicate that 65% of observed cyber activities could affect thousands to millions of connected mobility assets.
- A substantial 37% of these activities also demonstrated the capacity to simultaneously impact multiple stakeholders across the global automotive and mobility ecosystem.
(Source: Upstream Security Ltd)
Scale Distribution of Deep and Dark Web Automotive Cyber Threats
- High-impact activities dominate serious and dark-web cyber threats, accounting for 59.7% of observed incidents in 2023.
- Medium-scale threats account for a significant share, with 24.7% of cyber activities showing moderate potential impact.
- Low-scale cyber activities account for only 10.7% of total deep- and dark-web threat observations.
- Massive-scale threats, while less frequent, remain critical, as 5.0% of activities carry the potential for widespread and severe disruption across mobility systems.
(Source: Upstream Security Ltd)
Primary Focus Areas of Black Hat and Fraud Actors in Automotive Cybercrime
- Vulnerability exploitation is the leading area of interest for malicious actors, accounting for 49.5% of black-hat and fraud-related activities in the automotive cyber domain.
- Diagnostic software tools represent a major secondary target, with 19.3% of activities focused on exploiting or misusing vehicle diagnostic systems.
- Tools designed for vehicle manipulation attract 12.6% of threat actors’ attention, underscoring the risks posed by unauthorized control and modification capabilities.
- Personally identifiable information remains a valuable target, as 11.9% of activities involve attempts to access or trade sensitive automotive and user data.
- Instructional resources, such as car-hacking manuals, account for 6.7% of observed activity, indicating continued interest in knowledge sharing for automotive cyber exploitation.
(Source: Upstream Security Ltd)
Threat Actor Distribution in Automotive Cyber Incidents
- Black hat actors were responsible for the majority of automotive cyber incidents in 2023, accounting for 64% of all recorded attacks.
- Ethical security researchers and white-hat actors accounted for a smaller share, contributing 36% of the reported incidents.
(Source: Upstream Security Ltd)
Remote Dominance in Automotive Cyberattack Methods
- Automotive cyber incidents in 2023 were overwhelmingly remote, with 95% of attacks executed without physical access to vehicles or systems.
- Physical attacks accounted for only 5% of total incidents, highlighting their relatively minor role in the threat landscape.
- Among remote attacks, long-range methods were the most prevalent, accounting for 85% of all remote automotive cyber incidents.
- Short-range remote attacks were far less common, comprising just 15% of remote incidents during the year.
(Source: Upstream Security Ltd)
Impact Distribution of Automotive Cyber Incidents
- Service and business disruption represent the most common impact of automotive cyber incidents, accounting for 42% of reported cases in 2023.
- Data and privacy breaches follow as a major consequence, with 22% of incidents involving unauthorized access or exposure of sensitive information.
- Fraud-related activities contribute significantly to the overall impact, accounting for 20% of automotive cyber incidents.
- Direct vehicle theft linked to cyber activity is less frequent, accounting for 5% of reported incidents.
- Manipulation of in-vehicle systems accounts for a smaller share of incidents, with 3% involving unauthorized system interference.
- Policy violations and location tracking abuses each account for 3% of total incidents, highlighting emerging regulatory and privacy concerns.
- Attempts to gain direct control over vehicle systems are comparatively rare, accounting for only 2% of automotive cyber incidents.
(Source: Upstream Security Ltd)
Primary Consequences of Automotive Cyber Incidents
- Service disruptions and business operations are the most widespread outcomes of automotive cyber incidents, accounting for 42% of reported cases in 2023.
- Compromises involving data exposure and privacy breaches account for a significant share, with 22% of incidents linked to unauthorized access to sensitive information.
- Financially motivated cyber activity remains prominent, as fraud-related incidents account for 20% of the total impact.
- Cyber-enabled vehicle theft is comparatively limited, contributing to 5% of reported automotive cyber incidents.
- Unauthorized manipulation of vehicle systems is less common, accounting for 3% of cases.
- Regulatory and compliance-related breaches account for 3% of incidents, signalling emerging governance challenges.
- Location-tracking misuse also accounts for 3% of total cases, highlighting privacy risks associated with connected vehicle data.
- Direct attempts to gain control of vehicle systems are rare, accounting for just 2% of reported automotive cyber incidents.
(Source: Upstream Security Ltd)
Trend in Automotive-Related Software Vulnerabilities
- The number of automotive-related Common Vulnerabilities and Exposures remained relatively low in 2019, with 24 identified cases.
- Vulnerability disclosures increased modestly in 2020, reaching 33 reported automotive-related CVEs.
- A sharp escalation occurred in 2021, when the number of identified vulnerabilities rose significantly to 139.
- The upward trend continued in 2022, with 151 automotive-related CVEs reported, indicating sustained growth in software exposure.
- In 2023, vulnerability discovery surged dramatically, with 378 automotive-related CVEs identified, reflecting the rapid expansion of vehicle software complexity and connectivity.
(Source: Upstream Security Ltd)
Distribution of Automotive Cyber Vulnerabilities Across the Supply Chain
- Tier two software and hardware providers account for the largest share of publicly reported automotive vulnerabilities between 2019 and 2023, with 527 identified cases linked to chipsets, mobility platforms, and aftermarket devices.
- Original equipment manufacturers represent a smaller but notable share of reported vulnerabilities, with 124 cases directly attributed to vehicle manufacturers.
- Tier one component suppliers also contribute to the vulnerability landscape, with 74 publicly disclosed issues recorded during the same period.
(Source: Upstream Security Ltd)
Primary Attack Vectors in Automotive Cyber Incidents
- Cloud and backend infrastructure represent the most exploited attack surface, accounting for 45% of automotive cyber incidents, reflecting the growing reliance on connected and cloud-based vehicle services.
- Infotainment systems emerge as a major entry point, accounting for 15% of reported attacks due to their connectivity and user-facing interfaces.
- Application programming interfaces are a significant vulnerability area, with 11% of incidents linked to insecure or exposed APIs.
- Over-the-air update mechanisms and electronic control units are targeted in 9% of cases, highlighting risks associated with remote software updates.
- Mobile applications connected to vehicles account for 7% of attack vectors, indicating increasing exposure through companion apps.
- Telematics systems also account for 7% of incidents, reflecting vulnerabilities in vehicle-to-cloud communication channels.
- Wireless interfaces, such as Bluetooth, account for 5% of attacks, often through short-range exploitation.
- Keyless entry systems account for 3% of incidents, showing continued but limited exploitation of access technologies.
- Charging infrastructure-related attacks account for 2% of incidents, reflecting emerging risks in electric vehicle ecosystems.
- Internal vehicle networks are implicated in 2% of cases, while onboard diagnostic ports represent the smallest share at 1%, indicating lower but persistent physical access risks.
(Source: Upstream Security Ltd)
Dominant R155 Cyber Threat Categories Affecting Vehicles
- The largest share of 2023 automotive cyber incidents falls under exploitable weaknesses, with 34% linked to insufficiently protected or hardened potential vulnerabilities.
- Backend infrastructure connected to vehicles in operation represents a major risk area, accounting for 29% of reported R155-related cyber threats.
- Human-related factors continue to play a role, as 13% of incidents stem from unintended actions that facilitated cyberattacks on vehicles.
- Weaknesses in vehicle software update processes account for 7% of cyber threats, highlighting risks associated with patching and update mechanisms.
- External connectivity and interface-related threats also account for 7%, reflecting exposure through connected services and third-party integrations.
- Risks associated with vehicle data and embedded code account for 6% of reported threats, underscoring the need for secure data-handling practices.
- Communication channel vulnerabilities are comparatively less frequent but still relevant, accounting for 4% of automotive cyber incidents under the R155 framework.
(Source: Upstream Security Ltd)
Ransomware Groups Targeting the Automotive Industry
- A total of 43 ransomware incidents impacting the automotive industry were attributed to a concentrated set of known ransomware families.
- Conti emerged as the most dominant ransomware group, accounting for 32.56% of reported automotive-related ransomware activity.
- LockBit followed as a major threat actor, responsible for 23.26% of the observed incidents affecting automotive organizations.
- Hive accounted for a notable share of attacks, contributing 13.95% to the sector’s total ransomware activity.
- Black Basta accounted for 9.3% of ransomware incidents, indicating a moderate but visible presence in automotive targeting.
- Clop and Cuba each contributed 4.65% of attacks, reflecting smaller yet persistent threat activity.
- BlackCat, Lapsus$, Pandora, Snatch, and Stormous each accounted for 2.33% of incidents, highlighting a long tail of less frequent but active ransomware groups.
(Source: VicOne)
Types of Data Most Commonly Compromised in Automotive Industry Breaches
- Consumer information represents the largest category of compromised data, accounting for 41.7% of all breach incidents.
- Company-sensitive information is frequently targeted, comprising 16.7% of exposed data across reported cases.
- Internal credential information also accounts for 16.7%, highlighting risks associated with access controls and authentication systems.
- Proprietary information makes up 16.6% of compromised data, underscoring threats to intellectual property and confidential business assets.
- Employee-related information is comparatively less affected, representing 8.3% of the total data compromised in automotive breaches.
(Source: VicOne)
Sample of Recent EVCS and IoT Cybersecurity Regulations
| Region / Authority | Regulation / Standard | Scope / Focus Area | Timeline | Nature |
| United States (NIST) | NIST IR 8473 National Electric Vehicle Infrastructure Standards and Requirements | EV Charging Systems (EVCS) | April 2023 | Voluntary |
| Europe (ETSI) | ETSI EN 303 645 Cybersecurity for Consumer IoT | IoT and connected devices | August 2025 | Mandatory |
| European Union | NIS2 Directive for Critical Infrastructure Cybersecurity | Critical infrastructure, including energy and transport | October 2024 | Mandatory |
| European Union | EU Cyber Resilience Act | IoT and connected digital products | Expected early 2024 with a 3-year transition period | Mandatory |
| United Kingdom (BSI) | BSI Standards for Energy Smart Appliances | Energy smart appliances (ESAs) | December 2021 | Voluntary |
| United Kingdom | Electric Vehicles Smart Charge Points Regulations 2021 | EV charging infrastructure | December 2022 | Mandatory |
| Japan (MIC) | MIC IoT and 5G Comprehensive Cybersecurity Measures | IoT and 5G networks | June 2019 | Mandatory |
| Japan (METI) | METI IoT Security and Safety Framework | IoT systems and services | November 2020 | Mandatory |
Conclusion
Automotive cybersecurity statistics reflect a rapidly evolving risk landscape shaped by the increasing reliance on connectivity, software-defined vehicle architectures, and digital ecosystems. The data points to a rise in high-impact, large-scale incidents, with the majority of attacks carried out remotely and largely driven by organized malicious actors.
At the same time, vulnerability disclosures continue to grow across vehicle software, backend systems, and the broader automotive supply chain, particularly among external software and hardware providers. The findings further show that cyber incidents now extend beyond technical disruptions to include operational downtime, data and privacy breaches, and financially motivated attacks.
Cloud platforms, infotainment systems, APIs, and mobile applications have emerged as the most frequently exploited attack surfaces, while ransomware and data theft remain persistent threats. Overall, automotive cybersecurity statistics underscore the need for proactive security strategies, stronger regulatory alignment, and a secure-by-design approach across vehicles, infrastructure, and the connected mobility ecosystem.
FAQ’s
What is the conceptual meaning of automotive cybersecurity statistics?
Automotive cybersecurity statistics represent structured measurements of cyber risks, threat patterns, vulnerabilities, and security outcomes across vehicle systems, digital automotive platforms, and connected mobility environments.
How do automotive cybersecurity statistics contribute to risk understanding?
These statistics provide an empirical basis for identifying risk exposure, assessing threat intensity, and understanding how cyber risks evolve across vehicle lifecycles, supply chains, and digital infrastructures.
What dimensions are typically captured in automotive cybersecurity statistics?
Key dimensions include threat actors, attack vectors, system vulnerabilities, incident frequency, impact severity, and the effectiveness of security controls across automotive systems.
How do automotive cybersecurity statistics differ from general cybersecurity metrics?
Unlike general cyber metrics, automotive cybersecurity statistics must account for safety-critical systems, embedded software, real-time communication, physical cyber interactions, and long operational lifespans.
Why is trend analysis central to automotive cybersecurity statistics?
Trend analysis helps reveal shifts in attack methods, changes in threat actor behavior, and the increasing complexity of vehicle software and connectivity over time.
