As vehicles become increasingly software-driven and connected, cybersecurity is emerging as a critical challenge for the automotive industry, with experts warning that every new digital feature can expand the potential attack surface.

In an exclusive interaction with Autocar Professional on the sidelines of the launch of Deloitte India’s ConnectSafe cybersecurity lab, company executives said the rapid rise of connected vehicle technologies is making cybersecurity a foundational requirement in modern vehicle engineering.

“Vehicles today are no longer standalone machines. They are connected ecosystems involving cloud platforms, mobile apps and supplier networks, and every new connected feature increases potential cyber entry points,” said Santosh Kumar Jinugu, Partner – Cyber, Deloitte India.

Modern vehicles increasingly rely on connected features such as keyless entry, remote diagnostics, telematics platforms, mobile applications and over-the-air (OTA) software updates. These capabilities are enabled through multiple electronic control units (ECUs), embedded software systems and backend cloud connectivity, creating a complex digital architecture that must be secured across several layers.

Cyber risks in the automotive sector now extend far beyond individual vehicle components. Experts say vulnerabilities can emerge across the broader ecosystem that supports connected mobility, including supplier networks, mobile applications and cloud infrastructure.

“The automotive sector operates through a large supplier ecosystem. A vulnerability in even a single component or software layer can potentially compromise the entire vehicle platform if cybersecurity is not embedded across the supply chain,” Jinugu added.

Modern vehicles integrate dozens of electronic systems sourced from a wide supplier base across different tiers. As connectivity deepens and software content rises, ensuring consistent cybersecurity practices across Tier 1, Tier 2 and software suppliers is becoming increasingly important for automakers.

Industry experts also emphasise that cybersecurity must be embedded early in the vehicle development lifecycle rather than being addressed after a product is designed.

“Cybersecurity cannot be treated as an afterthought. It has to be built into the vehicle architecture at the design stage, alongside hardware, software and connectivity features,” said Chinkle Umrania, Director, Deloitte India.

Global regulatory frameworks are already pushing automakers and suppliers to adopt structured cybersecurity practices. Standards such as ISO/SAE 21434, which focuses on cybersecurity engineering for road vehicles, are increasingly shaping how connected vehicle systems are designed, validated and monitored.

Deloitte executives noted that many Indian automotive component manufacturers are already aligning with such standards as part of their export commitments. Suppliers providing components to European and North American automakers are increasingly required to comply with cybersecurity frameworks, prompting them to embed these requirements into product development processes.

Industry experts also expect automotive cybersecurity regulation in India to gradually evolve as vehicles become more connected and software-intensive. International frameworks such as UNECE WP.29, which mandate cybersecurity management systems for vehicle manufacturers in several global markets, are already influencing industry practices.

The rapid integration of artificial intelligence and data-driven vehicle systems could further reshape the cybersecurity landscape. As vehicles generate large volumes of operational and behavioural data, AI is increasingly being used to detect anomalies and monitor cyber threats across vehicle networks and connected platforms.

At the same time, experts warn that attackers may also use AI tools to identify vulnerabilities and automate more sophisticated cyber intrusion attempts.

Industry players are also exploring specialised Vehicle Security Operations Centres (V-SOCs) that continuously monitor connected vehicles for cyber threats and anomalies across fleets and digital ecosystems.

As the automotive industry moves towards software-defined vehicles and data-driven mobility platforms, cybersecurity is expected to become an increasingly important competitive factor.

“In the coming years, cybersecurity will become a key differentiator for connected vehicles, just as safety and advanced driver assistance systems are today,” Umrania said.

With vehicles interacting more frequently with cloud services, digital platforms and connected infrastructure, experts believe building cyber-resilient vehicles will become as essential as ensuring safety, reliability and performance in the next phase of automotive innovation.