Cybersecurity in Motion: Securing the Future of Connected Mobility

Cybersecurity in Motion: Securing the Future of Connected Mobility

By Patrick Faye, Head of Cybersecurity at UTAC

The automotive and transport sectors are undergoing one of the most significant transformations in their history. Vehicles are no longer defined purely by mechanical engineering, but increasingly by software, connectivity and data.

As the industry moves towards the software-defined vehicle and a fully integrated digital mobility ecosystem, the pace of innovation is accelerating rapidly. But with that progress comes a new reality – mobility is no longer simply a matter of hardware, performance and infrastructure. It is now deeply dependent on connected digital systems, and those systems must be protected if they are to operate safely, reliably and efficiently. Cyber incidents in automotive and transport are therefore no longer a peripheral technical concern. They represent a genuine operational, commercial and, in some cases, safety risk. The challenge is not only that attacks are increasing in number, but that the threat landscape is becoming broader, more organised and more deeply embedded across the ecosystem.

Upstream’s recent 2026 report¹ recorded 494 publicly recorded automotive and smart mobility cybersecurity incidents in 2025, with ransomware-related cases accounting for 44% of them, while 71% of incidents were attributed to black hat actors. Those figures matter not because they tell the whole story, but because they underline how quickly cyber risk in mobility is maturing and scaling.

What UTAC’s specialist cybersecurity team sees in practice is a fundamental shift in how these threats are emerging. Attacks are increasingly remote, increasingly targeted at backend systems and cloud infrastructure, and increasingly focused on data, identity, service continuity and fleet-level disruption rather than the individual vehicle in isolation. Modern vehicles are now nodes within a much larger digital architecture that includes cloud platforms, backend environments, mobile applications, customer interfaces, over-the-air update mechanisms, EV charging infrastructure, fleet systems and wider mobility services.

As a result, cyber vulnerabilities can have consequences far beyond the digital layer in which they originate. A weakness in a cloud platform, a telematics service or an API can quickly become a much wider operational issue, affecting not only data privacy and business continuity but also the resilience of transport networks and connected infrastructure. This is one of the defining characteristics of today’s threat landscape – the point of compromise and the point of impact are often no longer the same. Recent events have shown how real that risk has become. The cyber incident that hit Jaguar Land Rover in September 2025 was a wake-up call not only for the manufacturer in question, but for the wider automotive supply chain, underlining how a single cyber event can disrupt production, operations and confidence across an interconnected industry.

The transition to software-defined vehicles is accelerating both opportunity and risk. Manufacturers are creating richer digital experiences, more connected services and more intelligent vehicle functions, but in doing so they are also expanding the attack vulnerabilities. Artificial intelligence is now adding another layer of complexity too. It is already being introduced across mobility systems, backend platforms and customer-facing services, and while it offers significant potential in efficiency, automation and defensive capability, it also creates new vulnerabilities and more fluid attack paths across connected environments. Upstream’s latest work makes that point clearly, particularly in relation to AI-driven architectures, cloud backends and API-led ecosystems.

This is why cybersecurity can no longer be treated as something to be added once development is complete. It must be designed in from the outset and managed continuously across the vehicle lifecycle. It also must be addressed across the whole ecosystem, because the modern mobility environment does not stop at the vehicle itself. It extends into software supply chains, connected services, charging infrastructure, operational platforms and every interface between them.

That is also why regulation has become so important. Requirements such as UNECE WP.29 R155² have helped establish that manufacturers must be able to demonstrate robust cybersecurity management, secure update capability and continuous monitoring as a condition of market access. More broadly, the direction of travel is clear – cybersecurity is no longer just an engineering issue or an IT issue, but a core requirement of quality, trust and long-term competitiveness. McKinsey made a similar point in its 2020 report³ when it described cybersecurity as a new dimension of quality in the automotive industry, and that observation feels even more relevant now than it did then.

At the same time, cyber incidents are no longer confined to the digital realm. They can lead to production disruption, service outages, commercial losses, reputational damage and, in some circumstances, direct implications for vehicle operation and transport resilience. As vehicles become more connected, more electrified and more software-dependent, cybersecurity becomes increasingly inseparable from operational resilience.

In this environment, independent testing and validation are essential. Cybersecurity in mobility cannot be assessed purely in theory or through isolated software review. It has to be tested in conditions that reflect how vehicles and systems behave in the real world, including connectivity layers, infrastructure interactions, software updates and the relationship between digital functions and physical performance.

That is where UTAC’s specialist cybersecurity team has a distinctive role to play. We provide an environment in which the gap between digital systems and physical performance can be bridged through advanced facilities, real-world simulation capabilities and specialist expertise. By enabling the testing of vehicle systems, connectivity and infrastructure interactions, UTAC helps ensure that vehicles, fleets and mobility systems are secure by design rather than secure by assumption.

The convergence of connectivity, electrification and autonomy has transformed transport into a digital system, and that makes cybersecurity one of the defining challenges of modern mobility.

In a connected world, mobility is only as resilient as the systems that support it. That is why cybersecurity is rapidly becoming one of the factors that will define not only how safely vehicles operate, but how successfully businesses compete in the years ahead. For automotive suppliers operating in the European market, that challenge is also being reinforced by a widening regulatory framework. Alongside UNECE requirements, the EU Cyber Resilience Act introduces a broader product-security framework for products with digital elements placed on the European market, strengthening expectations around secure development, vulnerability handling and lifecycle accountability. With the Act already in force, reporting obligations beginning on 11 September 2026 and the main obligations applying from 11 December 2027, it is becoming an increasingly important part of the compliance landscape for connected mobility businesses.

UTAC’s Top 10 Vehicle Cybersecurity Checklist

1. Keep vehicle software up to date and install OTA updates promptly
2. Use strong passwords and enable two-factor authentication for apps
3. Protect digital keys and avoid sharing access casually
4. Avoid connecting to untrusted Wi-Fi or Bluetooth devices
5. Use trusted EV charging networks and infrastructure
6. Monitor for unusual vehicle or app behaviour
7. Respond quickly to recalls and security alerts
8. Limit data sharing via infotainment and apps
9. Avoid unverified aftermarket devices such as OBD dongles
10. Wipe all personal data before selling or transferring your vehicle

ENDS

Sources

¹ https://upstream.auto/ty-upstreams-2026-automotive-smart-mobility-global-cybersecurity-report/?utm_campaign=36024334-2026%20Global%20Automotive%20Cybersecurity%20Report&utm_medium=email&_hsenc=p2ANqtz-9ErpWyEn7DKAWy4Xn-VzxNZAMNeLAxK2Of6eK-zRhmX9zITi0Ev54GB_AtpHWFBxKq5t8Q-RLfhz0DgZOYeZRosoiojY65RcIQ6znWpDFEW5gd18Y&_hsmi=401764876&utm_content=401764876&utm_source=hs_automation&hsCtaTracking=a0c98309-7826-4d8f-ac6a-e577d5afd9ae%7C1bdd0f90-92ed-4afd-bc92-2aae4fe6902b

² https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security

³ https://www.mckinsey.com/~/media/mckinsey/industries/automotive%20and%20assembly/our%20insights/cybersecurity%20in%20automotive%20mastering%20the%20challenge/cybersecurity-in-automotive-mastering-the-challenge.pdf