90% of drivers say that automotive cybersecurity has become a key factor in car purchases

[PCauto] According to the latest "2025 Connected Car Cyber Safety & Security Index" report released by RunSafe Security, cybersecurity has become a major consideration in consumers' car purchasing decisions.

The study shows that nearly 90% of drivers explicitly state that the level of cybersecurity protection in a vehicle will directly influence their purchase choice.

This survey, which covers 2,000 drivers in the United States, the United Kingdom, and Germany, points out that 76% of respondents are worried that cyberattacks could lead to traffic accidents or physical danger, and 79% prioritize physical safety over personal information protection.

Automobiles are undergoing a transformation from mechanical products to moving computers

The safety risks of automobiles are hidden precisely in their core digital functions. GPS navigation, Bluetooth connectivity, keyless entry, and advanced driver assistance systems (ADAS) – each of these features that make driving more convenient could become an entry point for hackers.

The Jeep Cherokee hacking incident in 2015 is a typical case, where researchers remotely attacked and successfully disabled the throttle and brake systems of a moving vehicle, ultimately forcing Fiat Chrysler to recall 1.4 million vehicles of the same model.

The "Perfekt Blue" Bluetooth vulnerability exposes millions of vehicles equipped with Bluetooth functionality to risks, allowing thieves to remotely unlock car doors through signal amplification without the need to physically access the keys.

Additionally, malicious software can infect the vehicle's Electronic Control Unit (ECU), causing system crashes. Hackers can inject malicious code to disrupt the Over-the-Air (OTA) update process and even steal sensitive data like GPS tracks and call logs via vehicle networks.

Global regulations set strict boundaries for automotive cybersecurity

In response to the escalating threats, global regulators have taken a critical step. The World Forum for Harmonization of Vehicle Regulations (UN WP.29) issued UN Regulation No.155, mandating automakers to establish and maintain Cybersecurity Management Systems (CSMS), failing which new vehicles cannot access the European market.

The ISO/SAE 21434 standard, on the other hand, outlines a risk management framework for automotive cybersecurity from a full lifecycle perspective, covering every phase from vehicle design and production to disposal.

In China, a preliminary legal framework centered around the "Cybersecurity Law," "Data Security Law," and "Personal Information Protection Law" has taken shape. Last year's release of the "Intelligent Connected Vehicle Access and Road Traffic Pilot Notice" further made cybersecurity a core assessment criterion for vehicle access. Cars must pass cybersecurity reviews before they can enter the Chinese market.

Automakers are addressing automotive cybersecurity issues at their roots

Automakers' response strategies begin at the vehicle development stage.

The first step involves secure software development by adopting secure coding standards, conducting code reviews, and performing penetration testing to proactively identify potential vulnerabilities. Runtime protection mechanisms are introduced to prevent unauthorized software from executing in vehicle systems. Secure boot technology ensures that only digitally signed and trusted firmware can be loaded and executed.

To address safety risks on the CAN bus, which originally served as the neural network connecting various electronic components in vehicles and lacked built-in security mechanisms, manufacturers now add an encryption layer to the communication link. Message authentication is employed to verify the source of commands, and intrusion detection systems (IDS) are deployed to monitor abnormal traffic in real-time and block it promptly.

​​The upgrades to the keyless entry system are more noticeable:

· Ultra-Wideband (UWB) technology can accurately measure the physical distance between the key and the vehicle, preventing "relay attacks";

· Biometric features like fingerprint or facial recognition leave no opportunity for thieves who steal physical keys;

· Rolling encryption ensures each wireless signal for unlocking is unique, making it impossible for hackers to replicate or crack.​​

Protection for ​​OTA updates​​ has also been strengthened ​​through multiple layers of security​​: end-to-end encryption prevents data tampering during transmission; digital signature verification ensures update package authenticity; and multi-factor authentication (MFA) blocks unauthorized system access.

The cutting-edge feature is AI-driven threat monitoring, where machine learning algorithms analyze vehicle network traffic in real-time, automatically identifying and blocking suspicious activities. They also learn new attack patterns from each incident to continuously optimize defense strategies.

Cybersecurity Has Become the Most Critical Safety Issue in the Automotive Industry

The RunSafe Security report ultimately points out that cybersecurity has become an irreversible priority in the automotive industry.

The fact that 87% of consumers' car purchase decisions are influenced by safety factors and 35% are willing to pay a premium already reflects the demands of the market consumers.

With the United Nations World Forum for Harmonization of Vehicle Regulations about to discuss the R155 upgrade plan, global automotive cybersecurity standards will become more stringent.