T H E S TAT E O F A U TO M OT I V E C Y B E R S EC U R I T Y

Highlights From the VicOne 2025 Automotive Cybersecurity Report

 THE STATE OF AUTOMOTIVE C YBERSECURIT Y

As vehicles transform into sophisticated, software-defined

machines, the stakes for cybersecurity have never been
higher. The race to secure connected vehicles is on,
as unprecedented cybersecurity risks emerge with every
new line of code and advanced feature.

In this overview, VicOne examines the key trends and

insights arising from a landscape filled with risks as well
as opportunities. From emerging AI security risks to
predictions of future challenges, these highlights offer a
snapshot of

an automotive cybersecurity
landscape in a state of
C O N S TA N T F L U X .
AI
THE STATE OF AUTOMOTIVE C YBERSECURIT Y

Core AI Risks in
Automotive Security
AI systems in vehicles introduce both
access and data vulnerabilities,
opening new attack vectors for
cyberthreats.

Revolutionizing Voice Assistance

Systems: New
Frontiers, New Risks
Onboard AI
Deployment and
Expanded Attack Surfaces

Mobility, Voice assistants have revolutionized

vehicle operation with hands-free
functionality. But their dependence
Directly deploying AI models onto
in-vehicle hardware ensures low
latency and responsiveness for

REDEFINING RISKS on voice recognition gives rise to

novel threats such as prompt
critical functions. However, chip-
based AI accelerators can expose
injection attacks. vehicles to hardware-specific
The integration of AI into vehicles unlocks transformative vulnerabilities.

capabilities but introduces significant risks.

 THE STATE OF AUTOMOTIVE C YBERSECURIT Y TOP SECURITY CONCERNS

1,564 Supply chain

vulnerabilities
CRITICAL CYBERSECURITY With suppliers and third parties deeply
CHALLENGES FACING integrated into the vehicle ecosystem,
ensuring security across every link in

SDVs
this intricate network is a formidable
challenge.

In an era where vehicles are becoming smarter and more connected,

308 Third-party integration
vulnerabilities
As vehicles depend more on external
software-defined vehicles (SDVs) face evolving and complex cybersecurity services, integrating third-party
challenges. A decade of vulnerability data highlights the domains and threats technologies has expanded the attack
most critical to address for a secure automotive future. surface, introducing unforeseen risks.

83% MOST VULNERABLE DOMAINS 15% 295 Vehicle hijacking

vulnerabilities
Exploits targeting SDV software can
Onboard systems Cloud infrastructure grant attackers remote control
From electronic control units (ECUs) to The increasing reliance on cloud-based services over critical vehicle systems,
infotainment systems and advanced for data processing and connectivity has jeopardizing both safety and security.
driver assistance systems (ADASs), resulted in more vulnerabilities in this domain,
onboard systems represent the largest exposing vehicles to potential Out of a total of 2,271 SDV-related
and most exposed domain. large-scale attacks. vulnerabilities published from 2014 to 2024
 THE STATE OF AUTOMOTIVE C YBERSECURIT Y

2024
530
Automotive
Vulnerabilities 355
426

ON THE RISE
340
290
2019 266

This significant increase, particularly evident since

In 2024 alone,
2019, illustrates the growing complexity of
automotive vulnerabilities modern automotive systems. As vehicles become
were identified, more connected and reliant on software, their
attack surfaces continue to expand. This evolution
capping a significant increase in underscores the urgent need for comprehensive
vehicle-related security risks. security strategies to safeguard these increasingly
36
sophisticated systems from exploitation.
15
6 5
2
 THE STATE OF AUTOMOTIVE C YBERSECURIT Y

THE VicOne estimated the financial impact of reported cyberattacks on the automotive industry,

Soaring Cost
focusing on three focus areas.

Cost
O F C Y B E R AT TAC K S 2022 2023 2024

Data leakage $4.0M $9.7B $20.0B

System
$802.7M $2.5B $1.9B
downtime

Ransomware
damage $242.8M $523.6M $538.2M

The sharp increase in cyberattacks during

the last quarter of 2024 significantly
TOTAL $1.0B $12.8B $22.5B
contributed to the surge in costs. Several
2023 2024
prominent automotive companies were
targeted, resulting in major data breaches These factors point to the escalating financial impact of cyberattacks on the automotive
that highlighted the critical importance of industry.
enhanced cybersecurity measures.
 THE STATE OF AUTOMOTIVE C YBERSECURIT Y

EMERGING RISKS

Threats range from

KEY CHALLENGES basic attacks such as
unauthorized port
access to sophisticated
Evolving charging The increasing adoption of EVs brings exploits that disrupt
needs and user new demands, as users expect fast, communication via
behavior reliable, and secure charging solutions. radio frequencies.

Complex The EV charging network is an Real-world risks include

CHALLENGES AND RISKS IN ecosystem intricate web of interdependent power grid destabilization
players, including service providers, and data theft through

EV Charging
charging operators, e-roaming charging stations.
platforms, and grid operators.
Researchers have uncovered
Unique While widely adopted, flaws in protocols

With the rapid growth of electric vehicle (EV) adoption, security protocols like Open Charge using tools like V2GEvil,
standards Point Protocol (OCPP) demonstrating how hackers
the reliability and security of charging infrastructure still lack comprehensive could manipulate charging
have become pivotal to automotive cybersecurity. As security measures, leaving systems and even broader
EV usage expands, so too do the challenges and risks systems exposed. grid infrastructures.

associated with its ecosystem.

 THE STATE OF AUTOMOTIVE C YBERSECURIT Y

INSIGHTS FROM THE Vehicle exploits

and vulnerabilities
Exploits can enable theft, sabotage, or
unauthorized control.

Underground Hacking tools

and tutorials
These lower entry barriers for attackers and
increase risks of exploitation.

Connected vehicle
Weak security in IoT devices and apps can
and IoT device expose vehicles to remote attacks.
exploits

Corporate espionage Insider threats bypass traditional

VicOne continuously monitors and insider threats security measures.

automotive-related discussions on
underground forums across the dark web and Leaked corporate
Unauthorized access can disrupt operations
credentials and
and steal sensitive data.
deep web to gather intelligence and anticipate access data
emerging threats. Our scanning of these
forums reveals the constantly evolving tactics Stolen intellectual These could lead to higher risks of counterfeit
property and parts, compromised software, and loss of
that attackers use to exploit vulnerabilities proprietary data competitive advantage.

in modern vehicles. Indeed, car theft has

advanced beyond traditional mechanical tools Stolen data markets
Data breaches damage trust and might lead
to regulatory penalties.
for breaking into locked vehicles.
 THE STATE OF AUTOMOTIVE C YBERSECURIT Y

Key Predictions for

2025
THE FUTURE OF
AUTOMOTIVE
CYBERSECURIT Y

As the automotive industry advances with technologies such as AI,

autonomous driving, and cloud connectivity, cybersecurity challenges
are growing more urgent and complex.

AI integration will introduce new Platform standardization will expose EV charging infrastructure will Autonomous vehicles will face risks
risks of unauthorized commands, data millions of vehicles to systemwide emerge as a hotspot for cyberthreats. like sensor manipulation. Attackers
breaches, and other cyberattacks. vulnerabilities. Interconnected supply EV charging networks will be targeted will deceive decision-making systems,
While AI will enhance vehicle functionality, chains will lead to more instances of for data theft, system hijacking, and causing accidents, disrupting traffic flow,
it will also open pathways for cyberattacks vulnerabilities, potentially affecting other cyberattacks, posing significant or disabling or rerouting critical fleets for
via third-party integrations. millions of devices and vehicles across security challenges. malicious purposes.
ecosystems.
Shifting
Gears
VicOne 2 0 2 5 A U T O M O T I V E
CYBERSECURITY REPORT

Unlock valuable insights into significant trends,

in-depth analysis, and expert recommendations
to help navigate the shifting landscape of
automotive cybersecurity.

Download the full report