Just-in-time production meets real-time threats: automotive’s cyber reckoning

The automotive industry has long been synonymous with precision engineering and just-in-time production. But, as vehicles become increasingly connected and supply chains grow more complex, cyber security has emerged as one of the sector's most pressing challenges and recent high-profile incidents have made it impossible to ignore.

When production slams on the brakes

Last year, Jaguar Land Rover (JLR) experienced a cyber security incident that brought the reality of these risks into sharp focus. The attack forced production stops and caused widespread delays across 5 weeks, with all systems down and wholesale volumes dropping by 43%. More than 5,000 suppliers were affected and the incident triggered a domino effect of cash flow disruptions, impacting not just SMEs but even Tier 1 suppliers. For an industry built on synchronised production schedules, the impact was severe – and the message was clear: even the biggest players are vulnerable.

The supply chain: automotive’s ultimate cyber vulnerability

The automotive supply chain is uniquely vulnerable to cyber security threats. Original equipment manufacturers (OEMs) rely on thousands of suppliers, extending out to Tier 2 and Tier 3 vendors. This sprawl can create significant blind spots, especially when information technology (IT), operational technology (OT) and material supply chains are all considered. The sector's highly synchronised nature, dependent on just-in-time production, means that a standstill at even the smallest supplier can halt production at a major manufacturer. Even manufacturing organisations with all the right programmes, protections and technologies on the enterprise side have zero or next to no defence on the OT side. The systems are highly specialised, making them difficult to integrate into an enterprise cyber security programme.


“Most manufacturing organisations have their enterprise cyber security in good shape, but their OT environments are still at zero. They simply do not know what to do with these specialised systems and that gap is becoming one of their biggest risks.”
 Michael Fried, Principal, Forvis Mazars US

This interconnectedness extends to digital systems as well. For example, OEMs sometimes issue purchase orders directly into supplier systems, creating multiple points of potential vulnerability. The industry's susceptibility to working capital issues and cash availability makes these disruptions particularly damaging, as any delay can have immediate financial consequences.

The JLR incident demonstrated an important cyber security truth: it is not just data-rich businesses that make for effective targets. When business continuity is so easily disrupted by plucking a single string in the supply chain, cyber security is a business-critical function, including defences against both bad actors and other types of incidents.

Regulatory pressure is mounting

Cyber security regulations are tightening across the board, especially in Europe. The EU's NIS 2 directive places responsibility on those charged with governance to ensure cyber security meets specific standards, with localised versions adding further complexity. Organisations are grappling with questions about compliance requirements, which vary across different classes and tiers.

Safety-critical systems are definitively in scope for these regulations, as are connected vehicles and IoT systems that must be protected from tampering. Automotive-specific standards have emerged as well, like TISAX, which requires suppliers to be certified before receiving jobs from OEMs. Standards such as UNECE WP.29 and ISO/SAE 21434 are pushing the industry toward cyber security by design.

Whilst these measures ensure higher security standards, they also create barriers for smaller companies trying to enter the sector, as the investment required to achieve compliance could be unachievable.

The connected vehicle challenge

As vehicles become more digitally connected, the potential attack surface expands dramatically. The connective functionality within cars, whether communication between vehicles or between a vehicle and a remote server, can be easily disrupted. This presents one of the sector's most severe challenges, particularly as the technology continues to develop rapidly. Reflecting this pace of change, 41% of executives say that integrating new technologies will be their primary investment in the next 12 months.

Data governance also looms large, especially in discussions of data ownership. Vehicles collect vast amounts of personal data, geographic information and multimedia content, yet the answer as to who is responsible for this data remains unclear. Whilst surely the data must be protected, the tools available to address this challenge lag behind the pace of data generation and the burden of implementing cyber protections lies with the data owner, who has yet to be clearly defined.

However, as consumer appetite for technology integrations increases, connectivity remains the priority. Cyber concerns are not entirely unfounded, but they may be disproportionate to the risk.

“Being hackable does not mean a vehicle is hacked; communication and connectivity must be prioritised for safety and comfort.”
Matthias Frye, Senior Manager, Forvis Mazars in Germany

AI and quantum possibilities: promise and peril

Current use cases for AI in the automotive sector remain relatively limited – it is most often leveraged to assist with business processes, coding, contract review, etc. – but the potential is vast. Similarly, the promise of quantum computing offers new possibilities for autonomous driving by handling the enormous number of variables that would otherwise be impossible to programme. AI and quantum computing could also revolutionise predictive maintenance, which is the focus of many discussions and the ambition of many players within the sector.

However, EU legislation around autonomous driving, AI decision making and ethics is still evolving. Drivers may be able to use ChatGPT inside their cars, but AI is not yet being deployed for driving-specific functionality and is not considered mature enough to guarantee safety. Questions remain about whether these AI systems themselves can be hacked.

In light of recent incidents, the sector is understandably less focused on these emerging technologies for integration into vehicles than on their potential for protecting business continuity and preventing supply chain disruption. Across leadership, supply chain focus reflects this pressure: 31% prioritise understanding upcoming regulations and governance.

However, as these technologies continue to evolve, the same level of cyber concern and investment given to supply chain security should be applied to any new technology implementations as well.

Unified cyber approaches have become an industry imperative

The sector is improving at isolating vulnerabilities when identified, enhancing overall resilience. Legacy systems are being upgraded with better encryption and patching. Yet, the biggest current risk remains the supply chain, particularly given political pressures and regulatory directions.

Emerging technologies aside, the convergence of existing IT, OT and material supply chains is creating increasing complexity for automotive organisations. Autonomous robotics, real-time production monitoring and digital automation link these technological demands, connecting supplier systems and customer-facing platforms. Whilst this integration enables efficiency gains, it also means that a cyber security breach in one domain can rapidly cascade across all three.

In 2026, automotive organisations need to move beyond treating these as separate security challenges. This means implementing unified visibility across IT and OT environments, ensuring that the same rigour applied to protecting corporate networks extends to factory-floor systems. Organisations should also be conducting regular cyber security assessments, not just of their own operations but across their critical suppliers' cyber security postures – particularly Tier 2 and Tier 3 vendors, who may lack dedicated security teams.

Practical steps for organisations to take in 2026 include:

● Establishing incident response protocols that account for cross-domain attacks.
● Investing in network segmentation to prevent lateral movement between systems.
● Ensuring that any vendor with system access meets baseline security requirements.
● Adding cyber security standards to service level agreements and vendor contracts where appropriate.

“Given the sector's just-in-time dependencies, automotive organisations cannot afford to discover vulnerabilities during an attack. A risk-based cyber security approach will not only help improve postures now, but will create better resilience in the event of an incident – if not within the organisation, then within the supply chain.”
Dr. Roman Krepki, Senior Manager, Forvis Mazars in Germany

For automotive organisations, cyber security is no longer optional – it is fundamental to operational continuity, regulatory compliance and customer trust.

 

Frequently asked questions

Why is the automotive industry increasingly vulnerable to cyber-attacks?

Automotive manufacturers rely on complex, highly connected supply chains and OT systems, creating multiple cyber entry points that can disrupt production and impact thousands of suppliers.

How do new cyber security regulations affect automotive organisations?

Regulations like NIS2, TISAX and UNECE WP.29 require stronger cyber controls, pushing OEMs and suppliers to meet strict standards to ensure operational continuity and market access.

What cyber risks arise from connected and autonomous vehicle technology?

Connected vehicles expand the digital attack surface, raising risks around data governance, remote system access and technology integration, especially as AI and IoT features rapidly advance.
