Automotive ISAC: 61% of Incidents Now Capable of Impacting Millions of Mobility Assets

The Automotive Information Sharing and Analysis Centre's April 2026 community call presented findings from monitoring hundreds of cyber incidents and tracking nearly 2,000 active threat actors targeting the mobility sector.

The headline figure is striking 61% of tracked incidents had the potential to impact thousands to millions of mobility assets. This is not a measure of incidents that did cause mass disruption, but incidents where the attack vector and target system would have allowed it. It signals a structural shift in how attackers are selecting targets away from isolated systems and toward infrastructure that connects large numbers of vehicles, users, or backend services simultaneously.

Ransomware accounted for 44% of all publicly reported incidents, with 68% of incidents involving data breaches. The Automotive ISAC noted that attackers are increasingly targeting backend systems and digital platforms rather than in-vehicle systems directly reflecting the reality that the most valuable and vulnerable targets are now in the cloud, not the car.

For compliance teams, this reinforces the importance of supply chain cybersecurity monitoring, backend API security, and vehicle security operations centre capability as core components of a mature CSMS not optional extensions.

Source: Automotive ISAC April 2026 Community Call