As vehicles become increasingly connected, software-driven, and dependent on cloud services, cybersecurity threats are emerging as one of the automotive industry’s most pressing challenges.
A new report from PCA Cyber Security suggests the problem is growing at an alarming pace, with automotive cyberattacks and vulnerabilities reaching new highs during the first quarter of 2026.
The company’s Q1 2026 Global Automotive Threat Intelligence Report highlights an industry facing a rapidly growing array of cyber threats.
The findings reveal a sharp rise in vehicle-related vulnerabilities, increasingly sophisticated attack methods, and real-world incidents that affected hundreds of thousands of vehicle owners.
The report arrives at a time when automakers are investing heavily in connected technologies, over-the-air updates, advanced driver-assistance systems, and software-defined vehicle architectures. While those innovations bring new capabilities, they also create additional entry points for cybercriminals.
Also Read: BYD Says It Will Accept Responsibility for Crashes Involving Its Self-Driving Systems
Record Number of Vehicle Vulnerabilities Identified
Among the report’s most striking findings is the discovery of 265 automotive-specific vulnerabilities, or Common Vulnerabilities and Exposures (CVEs), during the first quarter of 2026. Data compiled by PCA Cyber Security shows this represents a 102 percent increase compared with the same period a year earlier.
The report also notes that vulnerability levels rose 28 percent compared with the final quarter of 2025, highlighting the speed at which new security issues are being uncovered.
While not every vulnerability translates into a real-world attack, security researchers view the numbers as an indicator of growing complexity within modern vehicles. Today’s cars rely on millions of lines of code, cloud-connected services, smartphone integration, telematics systems, and increasingly sophisticated infotainment platforms.
As a result, cybersecurity experts are finding weaknesses in a broader range of systems than ever before.
PCA’s research found that in-vehicle and backend systems accounted for more than 81 percent of identified vulnerability targets during the quarter, emphasizing how deeply software is now integrated into vehicle operations.
Hackers Continue to Target Connected Vehicle Systems
The report suggests attackers are focusing on areas that offer the greatest potential impact, including telematics services, cloud infrastructure, infotainment systems, and charging networks.
One of the key concerns involves remote attacks. Industry research cited by WardsAuto earlier this year found that 92 percent of automotive cyberattacks were conducted remotely, with most requiring no physical access to the targeted vehicle or system.
That shift reflects the changing nature of modern automobiles. Vehicles are increasingly connected to mobile apps, cloud services, navigation platforms, and remote management tools. While these features improve convenience, they also expand the potential attack surface available to threat actors.
Cybersecurity professionals warn that a successful breach no longer requires direct access to a vehicle. In many cases, compromising a connected service or backend system can have far-reaching consequences.
Pwn2Own Automotive Reaches New Milestone
The growing attention surrounding automotive cybersecurity was also evident at the latest Pwn2Own Automotive competition in Tokyo.
PCA Cyber Security reported that the 2026 edition generated a record 73 competition entries and resulted in the discovery of 76 unique zero-day vulnerabilities. Researchers earned more than $1 million in prize money during the event, making it one of the most successful automotive-focused security competitions to date.
Pwn2Own events have become important testing grounds for identifying weaknesses before they can be exploited by malicious actors. Security researchers attempt to compromise connected vehicle technologies, charging systems, infotainment platforms, and other automotive software under controlled conditions.
The record-breaking results suggest both researchers and manufacturers recognize the increasing importance of cybersecurity as vehicles continue their transition into software-centric products.
Several notable vulnerabilities involved electric vehicle charging systems and infotainment technologies, two areas that have become major focal points for security researchers.
Real-World Attack Left Owners Stranded
While vulnerability statistics can seem abstract, the report highlights a real-world incident that demonstrated the practical consequences of automotive cyberattacks.
PCA documented a cyberattack targeting Delta Alarm, a connected vehicle service provider in Russia, that disrupted mobile app vehicle controls for hundreds of thousands of vehicle owners. The attack occurred in late January and reportedly left some users without access to connected vehicle functions for up to two weeks.
According to the report, partial functionality returned after approximately five days, while complete recovery took nearly two weeks.
The incident illustrates how cyberattacks can affect vehicle owners even when the vehicles themselves are not directly compromised.
As manufacturers continue introducing remote start systems, smartphone-based controls, digital keys, and cloud-managed features, backend infrastructure has become just as important as the hardware inside the vehicle. A disruption to those services can impact hundreds of thousands of users simultaneously.
Supply Chains Becoming a Major Target
The report also highlights growing concerns surrounding the automotive supply chain. Rather than targeting automakers directly, many attackers are focusing on suppliers, software vendors, service providers, and third-party partners. Those organizations often provide pathways into larger automotive ecosystems.
Among the incidents referenced in the report were ransomware attacks, cloud-service breaches, and large-scale data exposures affecting automotive businesses across multiple regions.
This trend mirrors findings from other cybersecurity organizations. VicOne’s 2026 Automotive Cybersecurity Report noted that cyber incidents increasingly affect multiple business units and supply-chain partners simultaneously, creating broader operational consequences across the industry.
Security analysts argue that protecting vehicles now requires securing every connected component within the automotive ecosystem, from cloud providers to software developers and hardware suppliers.
Why the Threat Is Growing
Several factors are contributing to the rapid rise in automotive cybersecurity risks. Software-defined vehicles are becoming standard across the industry, allowing manufacturers to deliver new features through software updates rather than physical hardware changes.
Connected services continue expanding, while electric vehicles introduce additional networked systems that require protection.
Researchers have repeatedly pointed to telematics platforms, cloud infrastructure, APIs, and charging networks as key areas of concern. WardsAuto reported that telematics and cloud systems were involved in 67 percent of automotive cyber incidents analyzed in a recent industry study.
At the same time, cybercriminals increasingly view the automotive sector as a lucrative target. Separate research from cybersecurity firm Halcyon found that ransomware attacks against automotive organizations more than doubled in 2025, accounting for 44 percent of publicly reported cyber incidents across the industry.
Cybersecurity Becomes a Core Automotive Priority
The latest findings underscore how cybersecurity is evolving from a technical concern into a business and safety priority for automakers worldwide.
Modern vehicles contain dozens of interconnected systems, and protecting those systems requires constant monitoring, testing, and software updates. Organizations such as the National Highway Traffic Safety Administration have repeatedly emphasized the importance of cybersecurity as vehicles become more connected and technologically advanced.
PCA Cyber Security’s latest report suggests the industry still has significant work ahead. With vulnerabilities rising, attack methods becoming more sophisticated, and real-world disruptions affecting vehicle owners, cybersecurity is no longer a future challenge. It is becoming one of the defining issues shaping the next generation of connected vehicles.
Also Read: Consumer Reports Names The Ford F-150 A Top Pick For 2026
