Upstream’s researchers analyzed 494 publicly reported Automotive and Smart Mobility cybersecurity incidents in 2025
Ransom-related incidents more than doubled compared to 2024, accounting for 44% of all incidents
71% of incidents were attributed to black hat threat actors, up from 65% in 2024, fueled by a sharp increase in activities of well-organized groups
61% of incidents had the potential to impact thousands to millions of mobility assets, with 20% classified as massive-scale incidents
67% of incidents stemmed from telematics and cloud; 68% of incidents led to data or privacy breaches, whereas 34% led to service or business disruptions
The 2026 Report Highlights
AI is reshaping the Automotive cybersecurity attack surface
The rapid adoption of AI, including Generative AI and large language models, is fundamentally changing how cybersecurity risks emerge in Automotive and Smart Mobility environments. AI-driven systems now span vehicles, cloud platforms, backend services, and APIs, creating dynamic, context-aware attack paths that evolve continuously.
Ransom-related incidents surged
Ransom attacks intensified significantly in 2025, building on trends observed in prior years but growing materially in scale and operational impact. Ransom-related incidents accounted for 44% of all reported incidents, doubling in number vs. 2024 and reflecting the continued industrialization of cybercrime. As organized threat actors increasingly exploited AI-driven backend platforms and APIs, ransom incidents shifted from isolated disruptions to ecosystem-level events capable of impacting operations, services, and mobility data at scale.
Deep and dark web activities are reshaping the threat landscape
Deep and dark web ecosystems have become a critical force in Automotive and Smart Mobility cybersecurity risk, enabling attackers to coordinate, monetize, and amplify attacks at scale. Organized threat actors increasingly leverage specialized forums, leak sites, and messaging channels to trade access, exploit backend systems and APIs, and operationalize ransomware campaigns. This activity accelerates the spread of disruption across vehicles, cloud platforms, and third-party services, turning vulnerabilities into ecosystem-level risk.