What 2026 holds for automotive cybersecurity
What 2026 holds for automotive cybersecurity
https://www.evinfrastructurenews.com/ev-technology/what-2026-holds-for-automotive-cybersecurity
Publish Date: 2025-12-31 10:20:00
Source Domain: www.evinfrastructurenews.com
Using an unordered list, summarize the following article with between 4 and 8 key points. In this contributed article, Claire Maslen, senior vice president of commercial and operations at telecoms and cybersecurity firm Trustonic, explores why secure-by-design, OTA security, supply-chain resilience, and the use of AI in both attack and defence will define the year ahead for OEMs.The past year has confirmed that cybersecurity is now an integral part of everyday automotive safety. Throughout 2025, we saw an increasing number of attacks on vehicles and their surrounding systems, and there is no indication that this will slow down in 2026. Modern cars are built on layers of software, cloud connections and wireless features. Although these advancements offer huge benefits, they also open up more avenues for attackers to exploit. Break-ins to vehicle control systems, theft of driver data and attacks that can bring entire production lines to a standstill once seemed like far-fetched scenarios, but they are now very real threats for manufacturers. A few high-profile ransomware incidents this year, for example the cyber-attack on Jaguar Land Rover (JLR) in September which halted production for nearly six weeks, have served as a strong reminder of how fast the repercussions can spread through global operations. As the industry gears up for the next 12 months, the major concern for manufacturers isn’t whether threats will grow, but instead how quickly they will do so and what this means for the teams responsible for keeping vehicles and drivers safe.Related:UK EV charging infrastructure review: policy and technology trends in 2025Regulation tightens and manufacturers reprioritise In 2026, we’ll see a lot of the global regulatory efforts that began in previous years really start to take effect. Frameworks such as UNECE WP will push for tangible changes in how manufacturers structure their operations, design their systems and work with suppliers. This will turn cybersecurity into a joint responsibility, rather than something that is only addressed at the end of development. Manufacturers will need to prove they have considered the entire lifecycle of a vehicle, from sourcing components and building software to delivering updates and monitoring risks long after a car rolls off the assembly line. Secure-by-design becomes an expectation As the software-defined vehicle market keeps expanding, the idea of secure-by-design has changed from being a ‘nice-to-have’ to an absolute necessity. When nearly every feature in a car relies on software, security cannot be an add-on that isn’t considered until after the engineering phase is complete. Related:The EV service stations of tomorrow: What drivers can expect in 2026Encouragingly, we’re already seeing a change in how teams think about things. Now, security requirements are being factored in alongside user experience, performance and cost, and this is influencing everything from vehicle architecture to testing methods and choice of suppliers. In 2026, the companies that bring their security and engineering teams together much earlier in the development process will be the ones that really stand out. OTA updates Over-the-air [OTA] updates have become a standard part of owning a vehicle, instrumental in fixing bugs, rolling out new features and allowing manufacturers to respond to vulnerabilities quickly. However, as OTA updates become more common, the channels used for them are also becoming targets. Attackers are continuously looking for ways to intercept updates, spoof legitimate messages or inject malicious code. For manufacturers, the challenge in 2026 will be to maintain the convenience and flexibility of OTA updates, while ensuring a stronger security framework around the entire update process, from cloud servers to the vehicle’s own verification systems. A weaker supply chainWhile the automotive supply chain has never been straightforward, as the industry moves towards a more software-driven approach, it’s becoming increasingly vulnerable. Just one compromised component or supplier can cause delays, recalls or security issues that impact multiple vehicle lines. Related:Ford to take US$19.5 billion loss as it downsizes EV capacity, turns to energy storage marketThis is forcing manufacturers to look more closely at how they evaluate suppliers, how much insight they have into third-party code and how quickly they can respond if a partner flags a problem. Supply-chain cybersecurity has gone from being a behind-the-scenes issue to a crucial factor that impacts production continuity and brand trust, and this will only become more apparent in 2026. AI changes the pace of attack and defenceArtificial intelligence is introducing a new layer to the cybersecurity challenge. Attackers are using AI tools to map potential targets at lightning speed, creating more convincing phishing attempts and identifying vulnerabilities with significantly less manual effort. At the same time, AI is stepping up to help defenders identify unusual behaviour sooner, streamline parts of incident response and handle huge amounts of data generated by today’s vehicles and their supporting systems. Organisations that understand how to effectively combine AI’s capabilities with human insight will have a noticeable edge as the threat landscape continues to grow. Forecasting 2026There’s no doubt that the coming year will be challenging for automotive. Vehicles are becoming increasingly connected, regulations are tightening and attackers are getting more sophisticated. The good news is that the industry is already showing the intention and willingness to meet these challenges. By viewing cybersecurity as a joint responsibility that involves everyone from engineers and suppliers to executives and customer teams, manufacturers can produce vehicles that are not only innovative but resilient against bad actors. Companies that choose to invest now, instead of waiting for the next crisis, will be the ones that determine what safe and trusted mobility looks like in 2026 and beyond.
