Ransomware attacks on automotive and smart mobility more than doubled in 2025

SHIBUYA, Japan, May 26, 2026 /PRNewswire/ -- Upstream, the leading AI-powered cybersecurity detection and response platform (XDR) purpose-built for connected vehicles, physical AI, and smart mobility, released today its 2026 Global Automotive and Smart Mobility Cybersecurity Report. Now in its eighth year, the report reveals a material escalation in cybersecurity risks across Automotive and Smart Mobility. This is driven by the rapid expansion of APIs and AI-driven architectures, alongside the increased sophistication of organized threat actors. Together, these forces are widening the gap between adversary capability and the industry's current cybersecurity posture, with ransomware continuing to emerge as one of the fastest-growing and most disruptive attack types in 2025.

Analyzing 494 publicly reported cybersecurity incidents from 2025 within the Automotive and Smart Mobility ecosystem worldwide, the report recognizes two converging trends reshaping automotive cybersecurity.

AI as a Double-Edged Sword

AI architectures have dramatically expanded the attack surface, introducing new entry points and systematic exposures across the entire ecosystem.
"The automotive industry is an early adopter of Physical AI, and as AI capabilities rapidly expand across markets, it now serves as the reference architecture for safety-critical, highly connected systems," said Yoav Levy, Co-Founder and CEO of Upstream. "However, AI is also enabling attackers to move faster, at greater scale, and with more automation while the industry is still relying on security models built for a far more static world. Our 2026 report shows that AI significantly expands the cybersecurity attack surface, as traditional perimeter defenses no longer suffice when AI systems adapt dynamically and directly influence physical outcomes."

Ransomware Drives Cyber Escalation

Financially motivated, well-resourced, and coordinated attack groups are increasingly targeting the sector, causing a major escalation in ransomware attacks that can translate into billions of dollars in operational and economic losses.
The report also found that 2025 saw a sharp rise in large-scale, coordinated attacks by organized threat actors on the Automotive and Smart Mobility ecosystem, with increasingly severe operational disruption, financial damage, and reputational consequences. The report highlights that ransomware attacks increased significantly as part of this broader escalation in cyber activity, with 44% of attacks being ransomware-related, more than double the volume than in 2024.

Furthermore, ransom attacks are now expanding beyond IT and enterprise systems into the actual vehicles, as shown in mid-2025 when attackers accessed remote vehicle command & control systems (via the companion app), locked owners out, took remote control of functions like ignition and door locks, and demanded ransom payment to restore access.

Additional Findings and Insights

• 71% of incidents were attributed to black hat actors, up from 65% in 2024.
• 92% of automotive cyber attacks were conducted remotely, of which 86% required no physical proximity to vehicles and systems.
• 67% of incidents involved telematics and cloud systems as attack vectors; however, APIs continue to serve as the nervous system of the Automotive and Smart Mobility ecosystem and the enabler of a significant portion of incidents.
• 68% of incidents involved data and privacy breaches, while 34% of incidents were focused on business and operational disruption.
• 61% of incidents had the potential to impact thousands to millions of mobility assets; 20% were massive-scale events.

The report also includes a comprehensive analysis of deep and dark web activity related to automotive-specific cyber threats, a review of relevant regulatory developments, and an examination of how AI is being incorporated into cybersecurity resilience.

Learn more at www.upstream.auto