VicOne Announces '2026 Automotive Cybersecurity Report': Automotive Industry Enters 'Overlap Era' with Coexistence of Traditional Vehicles and SDVs

VicOne (Shibuya-ku, Tokyo, CEO Max Chen), a subsidiary of Trend Micro Inc. (Shinjuku-ku, Tokyo, CEO Eva Chen) and a leading company in the automotive cybersecurity field, has announced the 'VicOne 2026 Automotive Cybersecurity Report,' which clarifies the current state of automotive cybersecurity. The report reveals that the automotive industry has entered a new phase defined as the 'Overlap Era.' Currently, while traditional vehicle platforms still dominate, the rapid advancement of SDV (Software-Defined Vehicle) transformation, connectivity, and AI integration into vehicles has created a transitional period where new and old technologies coexist within the same vehicle ecosystem. During this period, multiple risk areas overlap, requiring a comprehensive approach to cybersecurity that includes not only technical aspects but also governance and decision-making. **■ Key Highlights of the Report** * Total number of automotive cybersecurity incidents reported in 2025: 610 cases (approx. 2.8 times year-on-year increase) * Total number of automotive-related vulnerabilities disclosed in 2025: 1,384 cases (approx. 1.5 times year-on-year increase) * Attack surface shifting from enterprise IT systems (37.7%) to in-vehicle systems (39.7%), with layers closer to the driver becoming primary targets. * The number of incidents in Japan surged over 8 times year-on-year, from 5 to 41 cases, accounting for approximately half of all incidents in Asia. * While 89% of automotive-related vulnerabilities are disclosed in the CVE database, the remaining 11% consistently exist outside governance control, such as zero-day vulnerabilities. The report can be downloaded from: https://vicone.com/jp/reports/2026-automotive-cybersecurity-report **■ Overall Picture of Automotive Cyber Threats Based on 2025 Data** **Attacks Expanding to OEMs and Vehicle Bodies — 610 Incidents, Approximately 2.8 Times Year-on-Year** In 2025, 610 cybersecurity incidents were reported in the automotive industry, a sharp increase of approximately 2.8 times compared to the previous year (215 cases). In addition to attacks targeting dealers, which were common previously, attacks directly targeting OEMs have also increased. Furthermore, the number of vulnerabilities discovered in 2025 also grew to 1,384 cases, approximately 1.5 times the previous year. In 2025, a series of vulnerabilities were revealed in two Japanese OEMs that allowed vehicle tracking and remote control through backend and communication systems. As connectivity advances, risks directly related to vehicle safety and privacy are becoming a reality.