Estimated reading time: 6 minutes
Imagine a fleet operator arriving Monday morning to find dispatch screens frozen, drivers locked out of their vehicle apps, backend systems encrypted, and attackers demanding payment to restore access. HSB has launched a cyber insurance product for internet-connected work vehicles, called HSB Commercial Cyber for Auto. This coverage is designed for hacked commercial vehicles and the business interruptions that follow. The policy covers “damage to the vehicle’s systems, devices, or data” after a malware attack. It also includes protection against cyber extortion related to vehicle access or content. Additional benefits include towing, labor, transportation, and compensation for loss of use during recovery. The insurer also provides funds to upgrade hardware and software after an incident.
Eric Hendricksen, HSB’s commercial cyber practice lead, noted, “Cyberattacks on commercial vehicles are a real and growing threat.” He warned that criminals can exploit “apps and automobile connections.” He urged business owners to prepare for operational and safety impacts.
Why Fleet Risk Is Different Now
A new industry report highlights why fleet-focused coverage is urgent. Upstream Security’s 2026 Global Automotive and Smart Mobility Cybersecurity Report reviews 494 publicly reported incidents from 2025. The report notes a growing gap between attacker skills and current defenses. It also points to the rapid adoption of AI systems, expanding API ecosystems, and frequent software updates.
The report describes modern mobility as a complex, networked product. It states, “The cloud backend is the new center of gravity for automotive cybersecurity, while APIs are the nervous system.” This shift changes how attacks begin and spread, and it also affects how insurers model loss scenarios.
“The automotive industry is an early adopter of Physical AI,” said Yoav Levy, Co-Founder and CEO of Upstream. Levy added, “However, AI is also enabling attackers to move faster, at greater scale, and with more automation while the industry is still relying on security models built for a far more static world.”
Ransomware Jumps And Attackers Chase Operational Leverage
Upstream reports a significant increase in ransom-driven incidents in 2025. Ransomware made up 44% of all incidents, showing attackers’ focus on disruption and payment demands. The report also highlights organized cybercrime, with black hat actors responsible for 71% of incidents.
The data shows that remote vehicle cyberattacks now go beyond data theft. Attackers aim to cause downtime, safety concerns, and undermine “public trust in infrastructure.” These outcomes lead to business interruption losses similar to property claims and trigger incident response costs like those in enterprise cyber events.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Remote Access Dominates And Scales Across Fleets
The report finds that most attacks come through networks rather than physical tools. In 2025, remote attacks made up 92% of incidents, and long-range attacks accounted for 86% of those. Upstream explains that remote pathways matter because a remote intrusion can affect many assets at once, while a physical intrusion usually targets just one vehicle.
The report notes that attackers prefer methods that offer leverage and reach. Long-range attacks often use API-based paths, which connect vehicles, mobile apps, and backend services. This setup raises the risk of systemic events and widespread fleet downtime.
Backend Servers Lead The Incident List
Upstream identifies where attackers focus their efforts. In 2025, backend servers were involved in 67% of incidents, a trend linked to ransomware campaigns. The report lists telematics platforms, cloud services, and app servers as main targets.
The report notes that API-based attacks stayed high at 18% of incidents. It also points out that EV charging infrastructure is becoming a bigger target, with charging-related incidents rising to 8% in 2025 from 6% in 2024. These trends highlight insurer concerns, as shared platforms can create accumulation risk. A single vendor compromise can affect many fleets.
Data Exposure Stays High While Safety Risk Grows
The report points out ongoing privacy and data exposure issues, with data breaches rising to 68% of incidents. This increase adds to notification and liability risks for operators and keeps regulatory and class-action pressures active. The report also points out risks related to physical outcomes.
The report describes remote vehicle cyberattacks can change vehicle behavior through connected systems. It presents the ecosystem as both safety-critical and highly connected. It also notes that AI systems can adapt quickly. These factors make security testing and assurance more difficult, and they also complicate investigations after an incident.
WATCH – Real risks from car rentals and rideshares scraping your personal info
AI Expands The Attack Surface And Speeds Adversaries
Upstream identifies AI as a major factor shaping risk in 2025. The report describes new AI architectures as “systemic” exposures across ecosystems and highlights GenAI tools that make attacks easier. Attackers can now automate discovery, exploitation, and social engineering on a large scale. The report calls for operational responses that are fast and able to handle complexity.
The report recommends “AI-driven” security operations throughout the product ecosystem. It also supports broader detection and response across vehicles and backend systems. These suggestions match insurer interests in better controls and monitoring. Continuous telemetry can help with underwriting, speed up triage, and reduce downtime by improving response times.
Why Coverage Now Fits The Risk Curve
HSB’s new product arrives as these trends are unfolding. The insurer designed the coverage to address downtime and extra expenses after a vehicle cyber event. The policy also covers cyber extortion related to vehicle access, which matches the report’s findings about the rise in ransomware incidents.
The coverage also helps with recovery logistics for fleets that have been disrupted. Towing and alternative transportation help keep businesses running, while post-incident upgrades support resilience along with loss prevention. These features match the needs of fleet operations and claim drivers, and they fit the risk profile of connected vehicles in use.
HSB Ties Insurance To Real-World Fleet Exposure
HSB presents the product as a way to fill coverage gaps for smaller businesses. Many commercial policies do not cover cyber-triggered losses involving vehicles, and many warranties do not address cyber incidents. HSB’s new product adds a cyber layer to fleet risk, combining IT and physical exposures.
The Upstream data shows why this combination is important. Attackers target platforms that manage access, operations, and mobility services, which can lead to downtime that affects an entire business day. HSB’s move shows a broader shift in insurance toward covering mobility cyber losses and a growing demand for clearer risk transfer as the ecosystem expands.
Related Cyber Liability Insurance Posts
- UK Longitudinal Cyber Survey Flags Cyber Insurance Uptick And Supplier Risk
- Cyber Insurance for Small and Mid-Size Businesses: HSB’s Cyber Suite Boosts Coverage
- Cyber Insurance Claims 2025: Ransomware Costs and Downtime Surge in NetDiligence Report
- Cyber Exclusion Clauses Tested as GPS Spoofing Threatens Maritime Claims
- Artificial Intelligence Report: Only 44% Ready to Support Secure AI, Delinea Finds
