Upstream Security Releases 2021 Automotive Cybersecurity Report


Connected Vehicles Standards and Regulations, Covid-19, and the Deep and Dark Web


The annual report reveals automotive-related cyber threat trends and analysis in light of recently drafted and adopted cybersecurity standards and regulations as well as the COVID-19 pandemic; the report also includes a one-of-a-kind analysis of automotive cyber threats identified throughout the deep and dark web.

HERZLIYA, Israel – December 15, 2020 – Upstream Security, a leading provider of cloud-based automotive cybersecurity solutions, today released its 2021 Global Automotive Cybersecurity Report. The annual report shares in-depth insights and analysis derived by analyzing 633 publicly reported automotive cyber incidents spanning the last decade, highlighting vulnerabilities and threats identified during 2020.

For the first-time-ever, the annual report offers an in-depth mapping of all 2020 automotive cyber incidents to the threats listed in the UNECE WP.29 regulation as well as an analysis of the risk levels of specific incidents as required by the ISO/SAE 21434 regulation. The report also includes an inaugural segment focused on non-disclosed automotive-related cyber incidents discovered throughout the deep and dark web.

2020 has been a year of disruption in the automotive industry, both because of COVID-19 and the new automotive cybersecurity standards and regulations. The rising number of connected vehicles increases the entry points and vulnerabilities that hackers can leverage, and the ever-growing automotive cyber threat landscape continues to develop.

“With the continued rise of cyber attacks against the automotive industry and the regulatory requirements that were developed in response, now more than ever, OEMs and Tier-1 and Tier-2 automotive suppliers must take heed of the cyber threat landscape,” said Oded Yarkoni, Upstream Security’s VP of Marketing. “Knowing and assessing automotive cyber threats both on the surface and on the deep and dark web is the first step in developing an effective cybersecurity management system and complying with the cybersecurity demands of both regulators and consumers.”

Upstream’s 2021 Global Automotive Cybersecurity Report introduces key findings of the Upstream AutoThreat Intelligence research team as well as cybersecurity recommendations for automotive stakeholders:

  • Connected vehicles are here to stay: The rising number of connected vehicles leads to increased vulnerabilities and entry points for hackers to leverage; more than 200 automotive cyber incidents were publicly reported in 2020 alone.
  • Most automotive cyber hacks were carried out by hackers with malicious intent: In 2020, 55% of hacks were carried out by black-hat hackers to disrupt business, steal property, and demand ransom. 38.6% of hacks were committed by white-hat hackers and researchers, including those as part of an automotive bug-bounty program.
  • There was a growth of servers targeted in 2020: The three most common attack vectors over the last decade were servers, keyless entry systems, and mobile apps, with a 73% growth in server attacks in 2020. All three top attack vectors are attacked remotely, and as seen in 2020, 77.8% of all incidents were remote attacks.
  • The number of automotive-related CVEs is growing: To date, there have been 110 CVEs (Common Vulnerabilities and Exposures) related to the automotive industry, 33 in 2020 compared to 24 in 2019.
  • Theft of data and vehicles were among the top impacts of cyber attacks in 2020: 36% of incidents in 2020 involved data and privacy breaches, and 28% of incidents involved thefts or break-ins.
  • Standards and regulations indicate an industry-wide recognition of cyber threats: When mapping cyber incidents from 2020 to threats indicated by the UNECE WP.29 regulation, 89.9% of incidents related to threats to vehicles regarding their communication channels and 86.7% related to threats to vehicle data/code, the top two threat categories.
  • While COVID-19 slowed down many automotive operations, cyber attacks were on the rise: OEMs and automotive suppliers were prime targets during the pandemic, with a cyber attack even shutting down a major OEM. The pandemic also led to factory closures, assembly-line shutdowns, supply chain interruptions, and even some OEMs pivoting their activities altogether.
  • The deep and dark web contains a noticeable amount of automotive-related hacks and threats: The most frequent and significant automotive hacks discussed on the deep and dark web include ECU tuning, infotainment hacking, selling stolen identities to access OEM and smart-mobility accounts, and leaking automotive source code or data.
  • Automotive cybersecurity has been recognized as vital: The automotive cybersecurity market is expected to grow over the next decade, with OEMs recognizing that security-by-design, automotive cyber threat intelligence, and a well-established VSOC (vehicle SOC) with an integrated cybersecurity solution is integral to the safety and security of their vehicles and assets.

A full copy of the free report is available for download at the Upstream Security website:

Request access to Upstream AutoThreat Intelligence:

About Upstream Security:

Upstream Security offers a cloud-based automotive cybersecurity and data analytics platform purpose-built for connected vehicles and smart mobility services. Upstream’s platform fuses machine learning, data normalization, and digital twin profiling technologies to detect anomalies in real-time using existing automotive data feeds. Coupled with AutoThreat Intelligence, the first automotive cybersecurity threat intelligence feed, Upstream provides unparalleled cybersecurity and data-driven insights, readily available and seamlessly integrated into the customer’s environment.

Upstream is privately funded by Alliance Ventures (Renault, Nissan, Mitsubishi), Volvo Group, Hyundai, Nationwide Insurance, Salesforce Ventures, CRV, Glilot Capital Partners, and Maniv Mobility.

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Upstream Welcomes ex-Fujitsu Executive to Expand Operations in Japan

Mr. Toshiya Sato will spearhead Upstream’s accelerated growth in the region; Upstream also releases the Japanese edition of its 2024 Global Automotive Cybersecurity Report 日本語プレスリリ�

More Details

Upstream Security and Drivesec Team Up to Offer Automated Penetration Testing with Real-time Threat Monitoring for Automotive and IoT

The joint offering expands and automates cyber risk assessments, testing, and compliance with product-driven threat intelligence as well as detection & response Torino, Italy &…

More Details

Upstream Security Receives Investment from Cisco Investments as the Demand for IoT Cybersecurity Soars

Connected vehicles and mobile IoT devices introduce additional layers of cyber risks, posing threats to operational availability and sensitive data security Read more on Cisco’s…

More Details

Upstream unveils Ocean AI to improve investigations and mitigation of complex cyber attacks

Upstream’s Ocean AI powers the next generation of the mobility and vehicle security operations center (vSOC), delivering unprecedented efficiencies, scalability, and optimizations Ann Arbor, MI&hell

More Details

Upstream Security Named Newest Member of CLEPA, the European Association of Automotive Suppliers

Upstream joins world-leading experts in contributing insight on critical policies in the field of cybersecurity in automotive Herzliya, Israel – March 14, 2024 – Upstream…

More Details

Upstream’s New 2024 Automotive Cybersecurity Report is Officially Released

Latest insights show that high-scale cyber incidents doubled in 2023, with attacks growing in sophistication and magnitude Ann Arbor, MI – February 7, 2024 –…

More Details