Ransomware attacks more than doubled in the automotive industry last year, with latest research suggesting they accounted for 44% of all publicly reported cyber incidents across the industry.
Those are among the findings of a study by cybersecurity company Halcyon, which said the surge in attacks identifies the automotive industry as a lucrative target for criminals.
In its April 15 report titled “Forty-Four Percent and Rising: Ransomware Footprint is Expanding in the Automotive Industry,” the company cited the industry’s rapid adoption of connected technologies growing reliance on cloud services and a sprawling network of third-party suppliers that makes it more vulnerable to ransomware attacks.
One of the clearest examples of such an attack saw Jaguar Land Rover forced into a month-long global shutdown of production costing the automaker around $2.67 billion in lost revenues last autumn.
Halcyon’s analysis was led by Cynthia Kaiser, the former Deputy Assistant Director of the FBI’s Cyber Division, who WardsAuto caught up with recently at a conference in London to find out more.
Kaiser, who served for 20 years with the FBI and is now SVP of the Ransomware Research Center at Halcyon, said the dramatic rise in attacks against automotive companies begged the question, why was this happening?
It’s a story of a burgeoning mass of data that automotive companies now handle that attracts cybercriminals, she said.
Having seen both her parents working for General Motors in Detroit, the issue became a personal one for Kaiser. “I understand the sector and how entire communities are centered around either the original equipment manufacturer or suppliers,” she said.
As highlighted in her report, one of the main reasons for increasing attacks seen in the auto industry is the rise of the connected vehicle, the use of cloud platforms and over-the-air updates.
“When we look across that in 2025, we saw almost 70% of cases were using these facilities, offering more connected ways for them to conduct their attacks,” Kaiser said.
Threat from suppliers
Suppliers, too, present an attractive oppourtunity for cyber criminals, especially those companies that cannot afford the sort of sophisticated computer power deployed by their OEM customers.
“Smaller suppliers, who often maintain privileged access to the OEMs, they don't necessarily have the budget for the kind of cybersecurity that a Volkswagen or General Motors or a Ford would be able to put in place,” Kaiser said. “So, you know, you have this convergence of privileged access without necessarily having the budget for the needed security, especially given how ransomware has changed to become more dangerous in the last two years,” she added.
Another major risk is the auto sector becoming much more tightly integrated, especially across manufacturing processes, she said. “The adversaries understand that if they cause outages or production halts, that I can rapidly create substantial financial loss, and that’s who they target,” said Kaiser. “They think ‘Now, this is where I know I’m having a massive impact for just one day of downtime, two days of downtime,’ and they think that that’s going to result in a bigger payout and more willingness to pay,” she added.
Preparing for attacks
Automakers and suppliers need to start with the basics, and that’s about protecting the identity of who is working in the companies, said Kaiser. “It’s things like the usernames and passwords, because simple things like those pave the way for you to get onto a system, and those can be exploited,” she said.
“So, protecting that identity, like having multi-factor authentication, complicated passwords and the like, is important,” Kaiser said.
However, companies have to accept they will be hacked at some point and should spend time developing systems that quickly recognize unusual activity, according to Kaiser. “Really, investing more in ways that help you in detecting adversary activity once it's on a network -- that's where the weight of investment at this point really should be,” she added.
Of course, the spread of artificial intelligence will make cracking auto companies’ security systems much easier, but reacting quickly to the attack can greatly mitigate the damage a company suffers, stressed Kaiser.
“If you know what's happening on your system and you have tools that help you detect and kick people out, then you can kick them out quick,” she said.
