It fundamentally determines how these vehicles are secured, maintained, and how their value is harnessed throughout their lifecycle. For customers to trust these intelligent machines, connectivity and security must be built in and maintained from the outset. By enabling over-the-air (OTA) updates, connectivity allows OEMs to keep vehicles secure and ensure their digital infrastructure remains adaptable to future risks and opportunities.

The stakes are high

The connected car market is projected to exceed $190 billion by 2028. But with this growth comes increasing complexity. Vehicles are no longer static machines; they are dynamic, cloud-based platforms that rely on seamless data exchange, constant software updates, and tight integration with networks and digital services.

This evolution brings mounting cybersecurity concerns. In 2023 alone, cyber-attacks cost the automotive sector more than $11 billion. Nearly half of drivers today express concern that their vehicles could be hacked. In response, 86% of global OEMs now say cybersecurity is a top priority – a finding from Cubic³’s recently commissioned research, which involved interviews with 60 OEMs and 8000 consumers. These OEMs also recognise that connectivity plays a critical role in protecting vehicles across their entire lifecycle, from factory floor to the point of resale.

Building connectivity into the SDV stack would support OEM security

Securing SDVs means thinking holistically. It starts with global standards like ISO/SAE 21434, which provides a framework for assessing and managing cybersecurity risks throughout a vehicle’s development and operation. This is exactly what seamless, secure connectivity enables – from threat modeling at the design stage to managing vulnerabilities post-sale.

In parallel, UNECE WP.29 mandates that manufacturers must now implement cybersecurity and software update management systems – clear indicators that regulators expect continuous, proactive risk mitigation, not one-off fixes, over the lifetime of the vehicle. For these standards to be met OEMs require reliable, seamless connectivity that will ensure their vehicles are continuously updated – and remain secure – not matter when they are in the world

The impact of the new eSIM standard

GSMA’s SGP.32 eSIM standard enables OEMs to simplify and secure how connected services are delivered. Rather than managing carrier relationships country by country, SGP.32 supports remote provisioning of mobile network profiles across global markets. They’re secure, scalable, and don’t require re-engineering backend systems.

This flexibility is key. It supports seamless OTA updates, dynamic switching of connectivity providers and secure management of in-car services like diagnostics, infotainment, and Vehicle-to-Everything (V2X) communication, while still preserving data integrity and user privacy.

Complementing this, GSMA’s Open Gateway initiative is crucial for secure, cross-border operability. By standardising APIs across operators, Open Gateway enables easily managed unified connectivity at scale – helping OEMs build globally compliant and adaptable platforms.

Network intelligence and security at machine speed

As vehicles become increasingly software-defined, OEMs must move beyond static connectivity towards responsive and intelligent networks. These must guarantee low latency, prioritise traffic in real time, and respond autonomously to threats.

Zero-trust architectures, built on continuous identity and access verification, and automated security responses are becoming essential. Vehicles demand security that operate at machine speed – detecting, isolating and mitigating risks in real-time. This next generation of secure mobility depends on safely unlocking key features through network APIs. These allow for intelligent service automation from prioritising mission-critical traffic to enabling real-time threat detection across the vehicle’s digital perimeter.

A lifecycle mindset

Security and connectivity are critical to the software-defined vehicle and must be continually maintained not just at launch, but across the vehicle’s life. That means:

• Designing with modularity, so components can be patched or upgraded over time
• Auditing digital supply chains, to eliminate vulnerabilities introduced through third-party systems
• Creating incident response protocols, to contain and resolve emerging threats swiftly
• And partnering across industries, including telcos, cloud providers and regulators, to harmonise standards and close security gaps before they are exploited.

OEMs that adopt this lifecycle mindset – supported by standards like ISO/SAE 21434 and GSMA’s eSIM and Open Gateway frameworks – will be better positioned to deliver the safety, trust and innovation that consumers expect from connected vehicles.