Ransomware attacks targeting automotive and smart mobility more than doubled in 2025, accounting for 44 per cent of all incidents, according to Upstream’s 2026 Global Automotive and Smart Mobility Cybersecurity Report.
The Birmingham, Michigan-based cybersecurity firm analyzed 494 publicly reported incidents worldwide and found what it describes as a “material escalation” in risk, driven by expanded APIs, AI-driven architectures and increasingly organized threat actors.
“AI is also enabling attackers to move faster, at greater scale, and with more automation while the industry is still relying on security models built for a far more static world,” said Yoav Levy, Co-Founder and CEO of Upstream, in a statement.
The report found 92 per cent of automotive cyberattacks were conducted remotely, with 86 per cent requiring no physical proximity to vehicles or systems. Sixty-seven per cent involved telematics and cloud systems, while 68 per cent involved data and privacy breaches.
The report highlights how ransomware is expanding beyond enterprise systems into vehicles themselves. In one mid-2025 incident, attackers accessed remote vehicle command and control systems via a companion app, locked owners out and demanded payment to restore access.
Upstream also found 61 per cent of incidents had the potential to affect thousands to millions of mobility assets, with 20 per cent classified as massive-scale events.
The findings underscore the operational and reputational risks tied to connected vehicles, over-the-air updates and cloud-based retail systems. As vehicles become more software-defined, cybersecurity resilience is becoming a larger issue.
