VicOne, an automotive cybersecurity solutions leader, has officially published the results from its in-depth analysis to reveal concerning signs for the global automotive industry in 2025.
Named Shifting Gears: VicOne 2025 Automotive Cybersecurity Report, this particular analysis expanded upon a rapidly evolving landscape of automotive cybersecurity. This it did for the purpose of delivering actionable insights and emerging trends. More on that would reveal how the whole exercise took into account a total of 215 automotive cybersecurity incidents from 2024, highlighting a consistent threat throughout the year.
Talk about the published results on a slightly deeper level, we begin from the fact that cyberattacks across automotive sector, from 2022 through 2024, would go on to trigger tens of billions of dollars in estimated damages from ransomware, data breaches and operational disruptions.
Next up, we must dig into how automotive vulnerabilities reached an all-time high during the year 2024. In essence, more than 77 percent of automotive vulnerabilities were found on onboard or in-vehicle systems.
Another detail worth a mention here is rooted in how, even though artificial intelligence (AI) has shown to enhance in-car features and operational efficiency, it also brings forth a whole new assortment of vulnerabilities like prompt injection and compromised training data that challenge traditional security methods.
“We are amid a transformative era of mobility, as innovations such as AI are helping automakers differentiate their vehicles, accelerate time to market and enhance customer experience,” said Max Cheng, chief executive officer of VicOne. “A proactive, multilayered approach to cybersecurity across all levels of the supply chain will help the automotive industry stay ahead of evolving threats and thrive in pursuing the unprecedented opportunities ahead.”
Hold on, we still have a few bits left to unpack, considering we haven’t yet touched upon the way rapid EV adoption has exposed critical weaknesses in charging infrastructure. These weaknesses include insecure payment protocols, outdated communication standards, and more, each one potentially affecting both vehicles and power grids.
We also haven’t touched upon a particular piece of data, which claims that more and more cybercriminals are now leveraging dark-web channels to exchange sophisticated exploit techniques and stolen vehicle data, creating a risky environment for both manufacturers and the eventual consumers.
Among other things, it must be acknowledged how cloud and backend vulnerabilities were the most frequent attack vectors. These incidents typically involved ransomware attacks, data breaches and social engineering or phishing attacks. Beyond that, vehicle hijacking, supply-chain vulnerabilities, keyless entry exploits, and vehicle-electronics virtualization attacks were found to mostly involve onboard systems and over-the-air (OTA) vulnerabilities.
To further contextualize the severity of such issues, we must touch upon how the total count of automotive-related vulnerabilities published in 2024 reached 530 vulnerabilities, marking yet another annual gain and falling just two short of twice as many as in 2019.
“AI-enabled systems may encounter misuse and abuse throughout their lifecycle due to factors such as over- or under-utilization, operating outside of operational envelopes, and malice,” said a September 2024 US Department of Transportation white paper, Understanding AI Risks in Transportation. “Humans may either be a source of these vulnerabilities or help prevent them depending on their role in the system.”
