What's Happening?
Ransomware has emerged as the fastest growing and most disruptive cyber threat in the automotive sector, with attacks on carmakers more than doubling in 2025. According to a report by security vendor Halcyon, ransomware accounted for 44% of cyberattacks
on carmakers last year. The report highlights a strategic shift by cybercriminals who are increasingly targeting the automotive industry due to its rapid adoption of connected technology, reliance on cloud services, and extensive network of third-party suppliers. These factors have expanded the attack surface, making the industry a lucrative target. The report also notes that smaller suppliers, often with weaker security measures, have privileged access to original equipment manufacturers' (OEMs) IT systems, further increasing vulnerability. A notable incident involved Jaguar Land Rover (JLR), which suffered a ransomware-related production outage lasting five weeks, costing the company an estimated £108 million per week.
Why It's Important?
The surge in ransomware attacks on the automotive sector underscores the growing cybersecurity challenges faced by industries heavily reliant on technology and interconnected systems. The automotive industry's low tolerance for downtime makes it particularly vulnerable, as demonstrated by the significant financial impact on Jaguar Land Rover and its supply chain. The increasing frequency and sophistication of these attacks could lead to higher operational costs, disruptions in production, and potential reputational damage for carmakers. Additionally, the broader economic implications are significant, as disruptions in the automotive supply chain can have a ripple effect on related industries and the economy at large. This situation highlights the urgent need for enhanced cybersecurity measures and collaboration across the industry to mitigate risks.
What's Next?
To combat the rising threat of ransomware, Halcyon recommends that automotive sector IT teams implement several key strategies. These include patching perimeter and edge devices, deploying phishing-resistant multi-factor authentication, hardening endpoint detection and response tools, and maintaining offline backups. Additionally, establishing baseline security requirements for supply chain partners and deploying anti-ransomware solutions are crucial steps. As the threat landscape evolves, companies across the automotive supply chain must prioritize understanding their exposure, strengthening defenses, and preparing to respond effectively to potential attacks. Ongoing monitoring and collaboration with cybersecurity experts will be essential to staying ahead of cybercriminals.
