Cars are no longer just cars. A modern connected vehicle runs more code than a passenger jet, exchanges data with cloud platforms constantly, and increasingly downloads its own updates over the air. That shift has turned vehicle cybersecurity from a niche engineering concern into a board-level priority for every OEM.
The stakes are commercial as well as physical. A single exploited vulnerability can ground a fleet, trigger a recall, or hand attackers a route into a manufacturer’s back-end systems. This post looks at why cyber risk is rising so fast, where the weak points sit in a typical vehicle, and what OEMs need in place to stay ahead of attackers and regulators alike.
Rising Cybersecurity Risks in Connected Vehicles
The numbers tell their own story. Upstream Security’s 2026 Global Automotive and Smart Mobility Cybersecurity Report found that AI-assisted exploit development has roughly doubled the volume of attacks against the industry over the past year. Application programming interface (API) incidents now account for 17% of all reported attacks, ahead of infotainment as an entry point, and 92% of attacks are carried out remotely rather than requiring physical access to the vehicle.
In-vehicle systems, the parts drivers touch every day, have become the single largest target, making up close to 40% of observed attacks according to separate research from VicOne. Ransomware has followed the same trajectory. Attackers have moved from targeting only manufacturer back-end systems to interfering directly with vehicle access, in some cases locking drivers out of their own cars until a payment is made.
Some of these incidents already have real-world consequences. In one widely reported case, a backend outage caused by a cyberattack left hundreds of US drivers unable to start their vehicles, some for several days, after connected devices defaulted into a locked compliance state when they lost contact with the manufacturer’s servers. Elsewhere, attackers have gained access to third-party service platforms used by manufacturers and stolen customer data rather than attacking the vehicle directly, showing that the vehicle itself is only one part of a much wider attack surface.
Key Security measures for Vehicle Cybersecurity
Protecting a connected vehicle means securing every layer of the system, from the wiring inside the car to the cloud platforms that manage it. Four areas matter most.
Common vulnerabilities in vehicles
The CAN bus, the network that lets a car’s electronic control units talk to each other, was designed decades ago with no authentication built in. Anyone who reaches it, through a headlight connector, an OBD port, or a compromised infotainment unit, can potentially inject messages that a vehicle will treat as genuine. Gateways are meant to separate safety-critical systems like brakes and steering from lower-risk systems like the radio, but a poorly configured gateway can let an attacker jump straight across that boundary.
APIs used by connected services, mobile apps, and fleet platforms are now just as attractive a target. Weak authentication, exposed identifiers, or credentials that are never rotated give attackers a route into vehicle functions without ever touching the car itself. Keyless entry systems and third-party platforms integrated into the ownership experience add further entry points that OEMs do not always fully control.
Encryption and authentication
Every message that moves between a vehicle and the outside world needs to be encrypted and authenticated, not just the messages a manufacturer considers sensitive. Over-the-air (OTA) updates are a particular focus. If the communication channel between update server and vehicle is not properly secured with mutual TLS, an attacker sitting between the two can intercept or alter the update before it reaches the car. Code signing closes part of that gap, but only if the signing keys themselves are tightly controlled. If those keys leak, an attacker can sign malicious firmware that the vehicle will accept as legitimate.
Strong authentication should also extend to the back-end. Credentials, tokens, and certificates used by APIs and cloud services need the same rigour as the vehicle’s own systems, since attackers increasingly go after the weakest link rather than the most obvious one.
Incident response planning
Detecting and reacting quickly to a cyberattack is now a specific regulatory expectation, not just good practice. CSMS requirements call for OEMs to monitor, detect, and respond to cyber threats and vulnerabilities across a vehicle’s life, and to analyse both successful and attempted attacks. In practice, this usually means running a vehicle security operations centre that watches fleet-wide telemetry for anomalies, has a clear escalation path when something looks wrong, and can push a fix quickly once a vulnerability is confirmed.
Speed matters as much as detection. A vulnerability that takes weeks to patch across a fleet gives attackers a wide window to exploit it at scale, particularly once technical details become public.
Vehicle Cybersecurity Regulatory Compliance
Vehicle cybersecurity is no longer optional from a compliance standpoint. UN Regulation No. 155, adopted under the UNECE WP.29 framework, requires manufacturers to hold a certified CSMS and pass cybersecurity type approval before a vehicle can be sold in more than 50 contracting markets. It has applied to all new vehicle types since July 2022 and to all new vehicles produced since July 2024, with Japan and South Korea following comparable timelines.
R155 works alongside the ISO/SAE 21434 engineering standard, which most manufacturers use to structure their threat analysis and risk assessment work. Together, they mean an OEM now has to prove, with evidence, that cybersecurity has been designed in from the start and maintained throughout the vehicle’s life, not bolted on after the fact.
Best practice for staying ahead of vehicle cybersecurity threats
Meeting the letter of R155 is the minimum bar. Manufacturers that treat cybersecurity as a genuine operating discipline tend to share a few habits. They build security into vehicle architecture from the earliest design stage rather than retrofitting it later. They maintain a software bill of materials so they know exactly what code, including third-party and open-source components, is running in every vehicle. They monitor shipped vehicles continuously rather than relying on periodic testing. And they hold suppliers to the same standard they hold themselves, since a vulnerability introduced two tiers down the supply chain is still the OEM’s problem once a vehicle is on the road.
Connectivity is what makes modern vehicles useful. It is also what makes them a target. Getting the balance right means treating security as part of the product, not an afterthought bolted onto it.
Expert Vehicle Cybersecurity Solutions
See how DriverConnect3 helps OEMs manage connected vehicle services securely.



