Ransomware attacks more than doubled in the automotive industry last year, with latest research suggesting they accounted for 44% of all publicly reported cyber incidents across the industry.

Those are among the findings of a study by cybersecurity company Halcyon, which said the surge in attacks identifies the automotive industry as a lucrative target for criminals, according to Wards Auto.

In a report published last month entitled “Forty-Four Percent and Rising: Ransomware Footprint is Expanding in the Automotive Industry,” Halcyon cited the industry’s rapid adoption of connected technologies growing reliance on cloud services and a sprawling network of third-party suppliers that makes it more vulnerable to ransomware attacks.

One of the clearest examples of such an attack saw Jaguar Land Rover forced into a month-long global shutdown of production costing the automaker around $2.67 billion in lost revenues last autumn.

Halcyon’s analysis was led by Cynthia Kaiser, the former Deputy Assistant Director of the FBI’s Cyber Division.

Automakers and suppliers need to start with the basics, and that’s about protecting the identity of who is working in the companies, said Kaiser. “It’s things like the usernames and passwords, because simple things like those pave the way for you to get onto a system, and those can be exploited.” .

“So, protecting that identity, like having multi-factor authentication, complicated passwords and the like, is important,” Kaiser said.

However, companies have to accept they will be hacked at some point and should spend time developing systems that quickly recognize unusual activity, according to Kaiser.

“Really, investing more in ways that help you in detecting adversary activity once it’s on a network – that’s where the weight of investment at this point really should be,” she added.

Cybersecurity expert Peter Simm of Mobius Networks told Highways News.

“Tier one supply is cyber-secure, so it’s assumed that the supply chain is secure, but the last three breaches in the NHS have been with tier three or four suppliers. That’s why zero trust is gaining popularity but implementing it is unpalatable.” 

“Cybercriminals use fear and emotion to get their target to pay up quickly to reduce exposure and/or downtime,” Lyons continues. “Imagine if all of the traffic lights in London went to red, or all of the enforcement cameras stopped working, or all of the fuel stations and EV chargers stopped, or there was a massive power surge caused by millions of devices demanding power simultaneously, the list goes on… what impact will that have to lost revenue? Would it be cheaper to pay the cybercriminal?”

Meanwhile, new research from Beazley reveals that cyber risk remains the top concern for transport sector leaders, as businesses grapple with an increasingly complex and fast-moving digital threat landscape.

Based on a survey of 3,500 global business leaders, including senior executives acrossthe transport industry,the findings show how cyber risk has become a business-wide issue, capable of disrupting operations and driving financial losses across supply chains. This is being further intensified by the rapid adoption of AI and other advanced technologies.

While cyber risk is firmly established as a leading concern, the data also highlights a disconnect in how businesses perceive their resilience. Many organisations report high levels of preparedness and confidence in their ability to recover, despite recognising the growing scale and sophistication of cyber threats.

Across industries, resilience is increasingly defined not by whether disruption occurs, but by how far it spreads, how long it lasts and how quickly organisations can recover – a definition that contrasts with the high levels of confidence many businesses express in their cyber resilience.

This overconfidence is particularly evident in sectors heavily reliant on supply chains, such as manufacturing, where despite 87% feeling resilient against cyber threats, ransomware attacks result in an average of 11.6 days of business downtime and a 6-18+ month impact timeline.

Alessandro Lezzi, Group Head of Cyber Risks at Beazley, commented:

“What stands out in this year’s Risk & Resilience survey findings is a growing misalignment between cyber and tech risk concern and perceived perception of resilience to these risks. While cyber risk is widely recognised as the number one threat facing businesses globally, 83%of transport businessesbelieve they could fully recover financially from a cyber attack, demonstrating manyorganisations are overestimating their preparedness to withstand the full impact of an attack across all corners of their operations.

“That gap matters because cyber risk is becoming more systemic – the high profile incidences in 2025 only prove this. As businesses become more interconnected and adopt technologies such as AI, disruption can spread faster across organisations and supply chains making incidents harder to contain.

“It’s encouraging to see however that almost a third of transport businessesplan to increase investment in cyber security, including access to specialist expertise to help them better understand their exposure, strengthen incident response and plan for realistic disruption scenarios across the organisation.”

(Picture: Kenishirote/Dreamstime.com)