Ransomware in Automotive Doubled in 2025 - What It Means for Your CSMS
Upstream Security's 2026 Global Automotive and Smart Mobility Cybersecurity Report makes for sobering reading. Analysing nearly 500 publicly reported incidents from 2025, the report found that ransomware-related incidents accounted for 44% of all reported cases - double the number recorded in 2024.
The shift is significant. Ransomware in automotive is no longer isolated to IT systems. Attacks are now targeting backend platforms, APIs, and connected services in ways that create fleet-level operational disruption rather than single-point failures.
For engineers and compliance teams, this reinforces something ISO/SAE 21434 already requires but many organisations underinvest in: post-development cybersecurity monitoring and incident response. A CSMS that only covers the development lifecycle is no longer sufficient. Ongoing threat monitoring, vulnerability disclosure processes, and defined incident response procedures are now operational necessities, not compliance checkboxes.
Source: Upstream Security 2026 Global Automotive and Smart Mobility Cybersecurity Report