Technology has become an indispensable part of the auto industry, and its scope continues to grow with the rise of artificial intelligence and other innovations.

But with that growth comes the growth of cybersecurity threats.

Automotive cybersecurity firm VicOne explored those threats, along with trends, predictions and recommendations, in Shifting Gears: VicOne 2025 Automotive Cybersecurity Report, an in-depth analysis that found concerning signs for the global automotive industry in 2025, the company said.

The report showed the estimated cost of automotive cyberattacks rising drastically just in the past three years, from about $1 billion in 2022 to $22.5 billion in 2024. Last year’s losses included $20 billion in data leakage, $1.9 billion in system downtime and $538 million in damage from ransomware incidents, according to VicOne’s data.

The company noted those numbers only account for the tangible costs related to technology and operations. They don’t include intangible recovery costs such as the branding, public relations, sales and marketing efforts required to deal with the aftermath of those attacks.

The report said the rapid rise of cyberattack costs reflects the industry’s growing appeal to cybercriminals as a lucrative target.

VicOne recorded 215 automotive cybersecurity incidents in 2024, with cloud and back-end systems as the most frequent targets through ransomware attacks, data breaches and social engineering or phishing attacks, as well as a record-high 530 vulnerabilities in the industry, up 24% from the previous year.

The report also said criminals “clearly targeted” automotive suppliers and third-party providers of components last year as “the weak link to exploit” in the tightly integrated industry. Those attacks included the ransomware incident that disabled CDK’s dealership software in June which VicOne said disrupted operations at more than 15,000 North American dealerships.

The report also studied issues within vehicles as they become more reliant on software and AI, finding 77% of all industry vulnerabilities were found on onboard or in-vehicle systems. Those issues can allow criminals to steal data or the vehicles themselves.

While AI enhances in-car features and operational efficiency, it also introduces fresh vulnerabilities that challenge traditional security methods, VicOne said. Increasing adoption of electric vehicles has exposed weaknesses in charging infrastructure such as unsecured payment protocols and outdated communication standards that can potentially affect the vehicles as well as power grids.

“We are amid a transformative era of mobility, as innovations such as AI are helping automakers differentiate their vehicles, accelerate time to market and enhance customer experience,” VicOne CEO Max Cheng said. “A proactive, multilayered approach to cybersecurity across all levels of the supply chain will help the automotive industry stay ahead of evolving threats and thrive in pursuing the unprecedented opportunities ahead.”

The full report can be downloaded here.