The increasing digitization of industrial production has ushered the automotive industry into a new era of technological efficiency, but at the same time has created a previously underestimated vulnerability to cybercrime. Modern vehicle manufacturing plants are now tightly interconnected systems comprising cloud platforms, AI-powered controls, robotics, and digitized supply chains. It is precisely this complexity that makes the industry increasingly vulnerable to targeted cyberattacks, which no longer affect only office IT but can directly interfere with production processes.

A recent white paper by the Center of Automotive Management (CAM), produced in cooperation with Cisco, clearly demonstrates how significantly the threat landscape has intensified in recent years. According to the authors’ estimates, the economic damage caused by cyberattacks in the global automotive industry now amounts to over 20 billion U.S. dollars. Particularly striking is the pace of this development: compared to 2022, this represents roughly a twentyfold increase in the total damage.

The consequences of such attacks are no longer limited to data loss or IT outages. In many cases, they lead directly to production stoppages, disrupted supply chains, and significant economic damage. Major companies in the industry have already experienced this firsthand, including international manufacturers and key suppliers. Production lines can come to a standstill within a matter of hours if central IT or control systems are compromised.

A key finding of the analysis concerns the structure of attack targets within the automotive value chain. While many observers would initially assume that the focus is on major vehicle manufacturers, a different picture emerges. The majority of cyberattacks are directed at supplier companies. According to studies, these companies account for around 57 percent of the attacks. Dealers follow with about 22 percent, while the actual vehicle manufacturers represent only a comparatively small share of the direct targets.

This development has a strategic basis. Cybercriminals specifically target the most vulnerable points within supply chains. Suppliers often have less robust security structures than large corporations, yet are closely integrated with their production processes. A successful attack on a specialized supplier can therefore disrupt production at multiple vehicle manufacturers in a very short time. Another decisive factor is the increasing convergence of traditional information technology and industrial control technology. In modern factories, production machinery, sensors, control systems, and management systems are interconnected via digital networks. This creates new attack vectors through which intruders can work their way from traditional IT systems deep into the control level of machines.

Ransomware groups, in particular, have recognized these opportunities. They exploit vulnerabilities in networks, remote maintenance systems, or cloud connections to block production facilities and then demand a ransom. In addition to criminal actors, state-sponsored groups are increasingly playing a role, specifically targeting industrial infrastructure for espionage or sabotage. The economic impact of such attacks can be enormous. Industry experts point out that production stoppages at large vehicle plants can quickly cause damages in the tens of millions per day. As a result, cybersecurity has evolved from a purely technical IT issue into a central concern for industrial operational safety.

An accompanying survey of industry representatives also reveals which risks decision-makers currently perceive as particularly critical. At the top of the list are security issues related to cloud infrastructures and remote workstations. These are followed by classic ransomware and malware attacks. At the same time, new threat areas are gaining significance, such as AI-enabled attack methods or security vulnerabilities in increasingly networked vehicle platforms. The situation is further complicated by the fact that many production sites operate with a mix of modern digital infrastructure and older industrial systems. These so-called legacy systems are often difficult to integrate into modern security architectures. This results in complex IT landscapes with numerous potential entry points.

In addition to technological challenges, the study also identifies structural problems within companies. In particular, the shortage of skilled personnel in the field of industrial cybersecurity poses a major hurdle. At the same time, many organizations lack clearly defined responsibilities between IT departments, production management, and security officers. At the same time, regulatory pressure is mounting. National and international regulations are demanding increasingly stringent security measures for critical industrial infrastructure. Companies must therefore not only implement technical solutions but also establish organizational structures to systematically meet security requirements.

To provide guidance in this complex environment, the white paper proposes a strategic assessment model known as the 4C Framework. This model views cybersecurity not solely as a technical protective measure, but as a holistic management approach. The focus is on the four dimensions of competencies, cooperation, culture, and cyber strategy. Key considerations include whether employees possess sufficient security competencies, how reliably partners and suppliers are integrated into security processes, and whether a genuine security culture has been established within the organization. Only the interplay of these factors can lead to stable cyber resilience in the long term.

The authors emphasize that, given its globally networked production structures, the automotive industry can only effectively protect itself through such a comprehensive approach. Individual technical measures are insufficient if organizational and strategic aspects are not taken into account.

Conclusion

The increasing connectivity of industrial production systems is fundamentally changing the security requirements of the automotive industry. Cyberattacks no longer affect only IT infrastructure; they can directly impact production lines, supply chains, and thus the entire value chain of the industry. Suppliers, in particular, are becoming the focus of attackers as critical vulnerabilities in global production networks. The analysis clearly shows that cybersecurity has become a central management task that must combine technological, organizational, and strategic measures to ensure industrial resilience in the long term.

Sources