Automotive Industry Faces escalating Cyber attacks, Artificial Intelligence, and Hacking Incidents, resulting in substantial Financial Losses
The automotive industry is facing a significant shift as it races towards an era of software-defined vehicles, electric vehicles, and AI-powered systems. However, this transformation has brought forth a new set of challenges, particularly in the realm of cybersecurity.
In June 2024, a ransomware attack on a dealership software provider disrupted operations at over 15,000 North American dealerships, highlighting the potential vulnerabilities in the industry. The widespread use of AI is reshaping governance structures, raising questions about liability and risk management.
The VicOne 2025 Automotive Cybersecurity Report sheds light on several emerging risks and vulnerabilities, focusing on electric vehicles (EVs), AI systems, and in-vehicle infotainment.
Electric Vehicles (EVs) face increasing cybersecurity threats targeting their complex charging systems and supply chain components. The report notes a significant growth in attacks on electric vehicle supply equipment (EVSE), making multilayered cybersecurity protection essential to defend EV charging infrastructure from potential cyberattacks.
AI-powered vehicle systems, particularly smart cockpits and AI assistants, create new attack surfaces. Key vulnerabilities include risks of sensitive data leaks and manipulation through AI prompt injection or compromised AI workflow. VicOne recommends implementing secure AI design principles, such as limiting AI access only to essential data using encryption, access control, and real-time monitoring to prevent unauthorized use and data breaches.
In-Vehicle Infotainment (IVI) systems, often tightly integrated with vehicle networks, are prone to security breaches that could lead to unauthorized control or data theft. The report shows a 600% increase in vehicle-related cyberattacks over the past four years, with methods growing more sophisticated and scalable, increasing the vulnerability of infotainment platforms as entry points for attackers.
Other overarching vulnerabilities include the long lifespan of modern vehicles (12 to 15 years) extending cybersecurity considerations well beyond manufacturing, requiring ongoing protection strategies to safeguard brand reputation and operational resilience. The expanded attack surface due to software-defined vehicles demands continuous risk assessment across the entire supply chain, including third-party suppliers.
The latest vulnerabilities are increasingly concentrated in in-vehicle infotainment (IVI) platforms, operating systems, and electric vehicle (EV) charging infrastructure. In 2024, 530 automotive-related vulnerabilities were identified, nearly double the number recorded in 2019.
Security experts at Pwn2Own Automotive 2025, an elite cybersecurity competition held in Tokyo in January, discovered 49 unique zero-day vulnerabilities, mainly in in-vehicle infotainment systems and EV-charging networks. The severity of these threats was underscored at the event, underscoring the urgent need for proactive, multilayered cybersecurity solutions.
The growing attack surface raises urgent questions about how automakers, suppliers, and regulators will confront a challenge that is no longer theoretical—but increasingly inevitable. As the industry continues to evolve, so too must its cybersecurity strategies to ensure the safety and security of both vehicles and data.
- The VicOne 2025 Automotive Cybersecurity Report has identified electric vehicles (EVs) as increasingly vulnerable to cyberattacks, focusing on the complex charging systems and supply chain components.
- AI-powered vehicle systems, such as smart cockpits and AI assistants, are creating new attack surfaces, with risks of sensitive data leaks and manipulation through AI prompt injection or compromised AI workflow.
- In-Vehicle Infotainment (IVI) systems are prone to security breaches that could lead to unauthorized control or data theft, with a 600% increase in vehicle-related cyberattacks over the past four years documented in the VicOne report.
- Security experts at Pwn2Own Automotive 2025 discovered 49 unique zero-day vulnerabilities, primarily in in-vehicle infotainment systems and EV-charging networks, further underscoring the urgent need for proactive, multilayered cybersecurity solutions in the automotive industry.
