Article | July 2, 2026

Automotive cyber risk is now a driver issue

Automotive leaders used to view cyber incidents as enterprise disruptions: costly, embarrassing and largely separate from the product on the road. 

That assumption no longer holds. 

As legacy platforms now coexist with software-defined architectures, connected services and AI-enabled functions, attackers are finding paths that cut across organizational and technical boundaries. 

What begins in a supplier environment, charging ecosystem, or cloud service can now surface in infotainment, telematics or other driver-facing systems. In 2025, one industry analysis tracked 610 automotive cyber incidents and 1,384 reported vulnerabilities, with the pattern shifting closer to the driver.

The boundary between cyber risk and product risk has moved

As well as the sheer volume, what makes this phase different is the way attacks travel. The automotive environment is now an operational fabric that links enterprise IT, suppliers, software platforms, off-board services and the vehicle itself. Attacks no longer stay within a single domain, but pivot from one environment to another. VicOne’s latest findings reinforce the same point, reporting that cross-region, multi-business incidents more than tripled in 2025 and that 33% of observed cyber risk now directly affects driver-facing systems. 

That has direct executive consequences. What was once a technical problem for one team to fix, weakness in a connected service or supplier system has become a customer trust issue, a production continuity issue and, in some circumstances, a safety issue. 

The business impact is broader because the attack surface is broader. Regulators have already moved in this direction. UK vehicle authorities describe UN R155 and R156 as audit- and risk-based regimes that require manufacturers to establish management systems, assign clear responsibilities and monitor the lifecycle of cyber risk and software updates, rather than relying on one-time testing. 

AI is changing the economics of attack

AI is accelerating this shift in two ways. First, it lowers the skill barrier for attackers. People with limited automotive expertise can use AI tools to interpret systems, speed up reconnaissance and automate parts of the research process. For executives, the fact that the cost of experimentation is falling is a major issue -- it means more people can probe more systems more quickly.

Second, AI is creating entirely new exposure. In January 2026, University of California researchers showed that a deceptive physical text could hijack embodied AI systems, including in driverless-car scenarios. Their so-called "CHAI" attack (command hijacking against embodied AI) achieved 81.8% success in driverless-car testing, showing that the physical environment itself can become part of the attack surface. That’s a strategic warning for car industry leaders: when AI interprets the world, cyber risk is no longer confined to code, networks or APIs. It can also ride in through what the vehicle sees and trusts.


The leadership response has to change as fast as the technology

This is why cyber can’t stay organized in silos. If risk now crosses suppliers, cloud back ends and vehicles, governance has to do the same. The most resilient automotive organizations will be those that continuously recalculate risk across domains, connect product security with enterprise security and test for chained incidents instead of isolated technical failures. 

In practical terms, that means shared accountability among engineering, operations, supply chain and security leaders, with board-level visibility when an issue could affect customer experience, uptime or safety. 

Where DXC can help

DXC Technology’s relevance here is that we work across the software, data and validation layers where modern automotive risk now converges. With CARIAD, we helped build a verification and validation framework for automated driving software used across Volkswagen Group vehicles. The outcome wasn’t a technical showcase for its own sake. It made testing faster and more collaborative, helping teams iterate more quickly and improve system reliability while supporting more efficient approval processes. 

DXC can also point to measurable results from large-scale implementations. In one multinational automotive program focused on autonomous vehicles, DXC reduced data ingestion time from days to minutes, cut "time to drive" by 50% and helped reduce disengagement rates toward near-human levels. Those are useful business indicators because they show what resilience looks like in practice: faster learning loops, faster validation and less time between identifying a risk and improving the product. 

Just as important, DXC has also built automotive cybersecurity testing and threat analysis capabilities aligned to UNECE R155/R156 and ISO/SAE 21434. And in software-defined vehicle programs, our AMBER platform workarounds have helped automakers cut redundant development, reducing timelines by up to 50% and costs by up to 30%. The message for leaders is plain: cyber resilience has to be built into the software factory, the validation process and the operating model — not bolted on at the end. 

The next move for auto industry leaders is clear: treat cyber as a product, supply chain and brand-trust priority with direct executive ownership. At this new stage, the frontrunners will be the companies that can see risk across domains, respond continuously and protect the driver experience before a cyber incident turns into a major business crisis.