Fleet electrification is becoming more widespread, with year-over-year (2023–2024) growth estimates exceeding 10% annually. However, as organizations integrate electric vehicles (EVs) into their fleets, they face more than just operational considerations around fueling and maintenance. A parallel challenge is rising- cybersecurity risks grow in lockstep with EV adoption.
EV charging and fleet electrification doesn’t exist in a universe of its own; the systems we plug our vehicles into are connected to local power networks and often the electric grid at large. EV charging, along with data centers and other energy-intensive needs, are creating new and unprecedented demands on the grid, including expansion of the network and the addition of new energy sources and connection points. This rapidly changing environment creates challenges for energy reliability and security. Check Point Research reported a 70% increase in cyber attacks on the U.S. electric grid year-over-year (2023-2024). Because of the critical nature of the grid, it is a prime target for bad actors across ideologies, and criminals will target any vulnerability they can find – unprotected and unmonitored EV charging systems could be the open door they are searching for. Threat actors can either target the charging infrastructure directly or exploit it as a gateway into the broader grid.
This isn’t just a theoretical concern. The 2025 Upstream Global Automotive Cybersecurity Report underscores this reality: cyberattacks targeting automotive and mobility assets have increased sharply, impacting thousands to millions of connected vehicles and charging assets. This report also highlighted that over 60% of cyberattacks had large-to-massive impact, with 74% of incidents causing service disruptions, 67% targeting system controls and 41% focused on sensitive data attacks.
From understanding how EV infrastructure connects, to addressing energy security and resiliency and leveraging AI-driven monitoring, each step in your electrification journey needs to account for the cybersecurity risks associated with connected vehicles and integrate a strong security lens into your fleet electrification planning and operations.
Three critical considerations should guide your fleet planning:
1. Understand how electric vehicles and charging infrastructure connect.
Make sure your organization invests in learning about connectivity and the software ecosystem enabling fleet electrification. Understanding these points of connection is important to uncovering the risks and potential entry points for malicious actors. Just like laptops, cell phones and other digital devices, vehicles and charging stations can also be hacked. Training employees on security protocols for charging and maintenance is critical.
2. Cybersecurity is critical to energy security.
Electric vehicles, electric vehicle charging stations, on-site energy generation and energy storage assets are critical elements of our energy infrastructure – and they are all vulnerable to cyberattacks. Developing risk assessments and threat intelligence as part of fleet electrification planning is essential. With the growth in electrification, energy supply constraints aren’t just from grid outages, they can also happen from cyber disruptions. Take note of where your technology originates. Purchase reputable products from reputable vendors; some companies have been flagged as potential security risks due to flaws or suspected built-in hackability attributes. Also investing beyond regulatory compliance is a good best practice.
A recent example of technology risk involves the UK’s Office for Product Safety and Standards (OPSS) suspended sales of Spanish EV chargers in 2024. The chargers failed to comply with current cybersecurity regulations, raising concerns over potential risks to the national energy infrastructure. Hackers could gain access to thousands of noncompliant chargers and switch them all on at once, generating peak demands that disrupt the grid.
No organization is too small or insignificant to be a target; smaller organizations aren’t often as regulated or protected as larger firms and make the perfect target for threat actors. Bad actors will exploit vulnerabilities to test the system, potentially disrupting your company, customers and bottom line. Even smaller organizations with compromised EV infrastructure can be aggregated into a significant resource impact through bot farms that integrate thousands or millions of compromised computers.
3. Make security the foundation of your fleet electrification journey.
If you are electrifying your fleet, start by asking these questions:
- Have you considered EV charging in your risk management and threat intelligence plan?
- Do you have existing onsite energy generation, energy storage and/or energy management assets? Do you know how these assets connect to the grid?
- What resource(s) do you have (IT/OT, risk management, facilities, etc.) to identify and monitor cyber and other security threats for your fleet and energy assets? Even if you outsource to third-party providers, ensure your organization has internal ownership of cyber oversight.
Next Steps: Achieve New Possibilities with Our Tested Practitioners
From program assessment to system configuration, TRC provides end-to-end cybersecurity solutions that balance the fundamental elements of risk management, operational policies, system hardening and resiliency.
We are collaborating with Upstream, a cloud-based and AI powered data platform for mobility cybersecurity and quality to help transportation leaders integrate cybersecurity, resilience and energy security into their long-term vehicle electrification strategies. Our combined teams are dedicated to safeguarding your assets and ensuring the continuity of your operations in an increasingly complex digital landscape.
Contact us today to learn how we can help your organization integrate industry-leading security strategies into your fleet electrification, EV infrastructure and distributed energy resource planning.
Gain Peace-of-Mind
Get in Touch with TRC and Upstream
