Something else happened in the early 2010s: the internet of things (IoT) boom that saw hardware become an extension of the internet. “The internet of things” is the ecosystem of smart devices connected to the web so they can collect, send and receive data. For the automotive industry, the IoT boom meant vehicles and EV charging points became more software-defined, networked and autonomous. It also created the ultimate jeopardy as the scale and complexity of potential vulnerabilities grew, meaning that a cybersecurity attack could result, theoretically, in your car being taken over while you’re driving it.

In response to this new threat landscape, cybersecurity roles have evolved rapidly, becoming more specialised, embedded and critical to product development and compliance.

From back office to front line

Historically, cybersecurity in automotive was isolated within corporate IT departments, often disconnected from product teams. Today, with connected cars featuring advanced telematics, V2X (vehicle-to-everything) communications and remote diagnostics, cybersecurity intersects directly with engineering, compliance, safety and even brand reputation.

Probably the most famous watershed moment occurred in 2015, when two white hat hackers—ethical hackers employed to find and test vulnerabilities in networks before less scrupulous people do—successfully hacked a Jeep Cherokee on the highway. Their actions, which included remotely switching off the engine of the jeep, prompted a recall of 1.4 million vehicles and highlighted how digital weaknesses could translate into physical safety risks.

According to McKinsey, modern cars can contain up to 150 electronic control units—effectively tiny computers that control different functions—and millions of lines of code, creating many potential entry points for attackers. The threat extends beyond vehicles themselves to the connected ecosystem in which they operate.

A new generation of roles

In response, cybersecurity has moved from the margins to become a defined career path within automotive. New roles emerging include:

• Vehicle Cybersecurity Engineers: These specialists are embedded in product teams and work across the vehicle lifecycle to ensure secure design, architecture, and integration of cryptographic protections in ECUs and control systems.
• Cybersecurity Compliance Managers: With international regulations now in force, these professionals ensure brands adhere to standards like UNECE R155 and ISO/SAE 21434, which mandate cyber risk management across development, production, and post-sale. CCMs are emerging across OEMs and Tier 1 suppliers, where they are responsible for interpreting the regulatory and standards landscape and turning it into operational best practice.
• Threat Intelligence Analysts: These analysts track vulnerabilities, monitor attack trends, and provide real-time data to mitigate threats, often within in-house Security Operations Centres (SOCs).
• Penetration Testers (Red Teamers): These ethical hackers simulate attacks to identify weak spots before vehicles are released. Many OEMs and suppliers integrate red-teaming into their security validation processes to identify vulnerabilities and enhance system resilience, often outsourcing it to highly skilled and specialist suppliers.
• Security Software Developers: Tasked with creating secure-by-design systems, from encrypted vehicle networks to secure OTA (over-the-air) software update platforms.

 

The skills that set candidates apart

The emergence and continuing development of these roles has changed the skillsets that automotive employers need. As well as a deep knowledge and understanding of the interconnected digital environment, professionals now need:

• Knowledge of embedded systems. Automotive ECUs, real-time operating systems and controller networks each present unique security challenges.
• Familiarity with regulations. ISO/SAE 21434 and UNECE R155 have become essential reading for anyone in automotive security. The former defines a process-oriented framework for risk management, while the latter—a UN regulation outlining requirements for managing cyber risks throughout a vehicle’s lifecycle—is legally enforceable in the UK.
• Live threat response capabilities. OEMs and Tier 1 suppliers increasingly operate 24/7 vehicle Security Operations Centres to monitor threats in real time, requiring analysts to work at the intersection of data science and automotive architecture.
• Cross-functional collaboration skills. Cybersecurity experts work alongside mechanical engineers, software developers, compliance leads and even marketers, ensuring security is understood and prioritised across the business.

A business risk—and opportunity

Cybersecurity attacks can cause financial and reputational damage in equal parts. According to VicOne, 530 automotive vulnerabilities were identified in 2024, with cyberattacks in the areas of data leakage, system downtime and ransomware damage resulting in losses to the automotive industry of over $22billion, compared to £1Billion in 2022.

Cybersecurity is now a safety-critical concern for the automotive sector, and this is echoed by regulation. UNECE R155 requires that all new vehicle types must include a Cybersecurity Management System (CSMS) as a condition of type-approval. Fleet insurers are increasingly adopting telematics data to assess risk associated with connected vehicles.

What comes next?

As software-defined vehicles (SDVs), mobility-as-a-service and increased AI integration become hallmarks of the new automotive industry, the need for cybersecurity expertise is increasing, and the function of the roles more sophisticated. We expect to see Chief Vehicle Security Officers (CVSOs) in OEM boardrooms, Automotive SOC Engineers specialising in fleet monitoring and AI Ethics Auditors ensuring that machine learning models in AVs are ethical and secure. We’re pretty confident that demand for this expertise will outstrip supply. But OEMS and suppliers are already embedding cyber-thinking from the ground up, investing in people with the curiosity, creativity and drive to keep mobility secure.